PAM exec patch to allow PAM_AUTHTOK to be exported.
Dag-Erling Smørgrav
des at des.no
Sun May 20 17:10:37 UTC 2007
"Zane C.B." <v.velox at vvelox.net> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
>> Your patch opens a gaping security hole. Sensitive information
>> should never be placed in the environment.
> Unless I am missing something, this is only dangerous if one is doing
> something stupid with whatever is being executed by pam_exec.
Environment variables may be visible to other processes and users
through e.g. /proc.
DES
--
Dag-Erling Smørgrav - des at des.no
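
The exposure described in the reply above, as an added example that is not part of the original message or of pam_exec. It assumes Linux procfs, where /proc/<pid>/environ is readable by the process owner and root; the function name and the password are constructed for illustration. It compares placing the token in the environment with writing it to the helper's stdin.

```c
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
extern char **environ;
/* Hypothetical helper: start `sleep` with the secret either in its environment
 * (via_env = 1) or on its stdin (via_env = 0), then look for the secret in
 * /proc/<pid>/environ. Returns 1 if visible, 0 if not, -1 if it cannot check. */
int secret_visible_in_environ(const char *secret, int via_env)
{
    int sync_fd[2], in_fd[2], found = 0;
    char path[64], kv[256], buf[4096], c;
    ssize_t n = 0;
    if (pipe(sync_fd) || pipe(in_fd)) return -1;
    fcntl(sync_fd[1], F_SETFD, FD_CLOEXEC);   /* closed by exec: "exec done" */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        snprintf(kv, sizeof kv, "PAM_AUTHTOK=%s", secret);
        char *envp[] = { "PATH=/usr/bin:/bin", via_env ? kv : NULL, NULL };
        environ = envp;                        /* small, known environment */
        close(sync_fd[0]); close(in_fd[1]);
        dup2(in_fd[0], STDIN_FILENO);
        execlp("sleep", "sleep", "30", (char *)NULL);
        _exit(127);
    }
    close(sync_fd[1]); close(in_fd[0]);
    if (!via_env) n = write(in_fd[1], secret, strlen(secret)); /* pipe, not env */
    close(in_fd[1]);
    n = read(sync_fd[0], &c, 1);               /* EOF once the child has exec'd */
    close(sync_fd[0]);
    snprintf(path, sizeof path, "/proc/%d/environ", (int)pid);
    int fd = open(path, O_RDONLY);
    n = fd < 0 ? -1 : read(fd, buf, sizeof buf - 1);
    if (fd >= 0) close(fd);
    if (n > 0) {
        buf[n] = '\0';
        for (char *p = buf; p < buf + n; p += strlen(p) + 1)  /* NUL-separated */
            if (strstr(p, secret)) found = 1;
    }
    kill(pid, SIGKILL); waitpid(pid, NULL, 0);
    return n < 0 ? -1 : found;
}

int main(void) {
    printf("in env: %d, on stdin: %d\n", secret_visible_in_environ("constructed-pw", 1), secret_visible_in_environ("constructed-pw", 0));
    return 0;
}
```

A result of -1 means the check could not be made on this system (no procfs or no permission), not that the environment is private.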