Re: PAM exec patch to allow PAM_AUTHTOK to be exported.
"Zane C.B." <v.velox@vvelox.net> writes:
> Dag-Erling Sm=C3=B8rgrav <des@des.no> writes:
>> Your patch opens a gaping security hole. Sensitive information
>> should never be placed in the environment.
> Unless I am missing something, this is only dangerous if one is doing
> something stupid with what ever is being executed by pam_exec.
Environment variables may be visible to other processes and users
through e.g. /proc.
DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 3 之 10 篇):