NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FreeBSD Security> 2007-05

Re: PAM exec patch to allow PAM_AUTHTOK to be exported.

From: Dag-Erling SmÃ¸rgrav (desdes.no)
Date: Sun May 20 2007 - 12:10:33 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Zane C.B." <v.veloxvvelox.net> writes:
> Dag-Erling SmÃ¸rgrav <desdes.no> writes:
>> Your patch opens a gaping security hole. Sensitive information
>> should never be placed in the environment.
> Unless I am missing something, this is only dangerous if one is doing
> something stupid with what ever is being executed by pam_exec.

Environment variables may be visible to other processes and users
through e.g. /proc.

DES
--
Dag-Erling SmÃ¸rgrav - desdes.no
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]