PAM exec patch to allow PAM_AUTHTOK to be exported.
Zane C.B.
v.velox at vvelox.net
Sun May 20 23:38:04 UTC 2007
On Sun, 20 May 2007 20:06:19 +0200
Dan Lukes <dan at obluda.cz> wrote:
> Dag-Erling Smørgrav napsal/wrote, On 05/20/07 19:10:
> > "Zane C.B." <v.velox at vvelox.net> writes:
> >> Dag-Erling Smørgrav <des at des.no> writes:
> >>> Your patch opens a gaping security hole. Sensitive information
> >>> should never be placed in the environment.
> >> Unless I am missing something, this is only dangerous if one is
> >> doing something stupid with what ever is being executed by
> >> pam_exec.
> >
> > Environment variables may be visible to other processes and users
> > through e.g. /proc.
>
> Many sensitive informations can be accessible via /dev/kmem
> but the default mode of the device doesn't allow regular user
> access.
>
> We trust the responsible administrator he doesn't load the
> mem.ko module and change the mode/ownership of /dev/kmem the way
> that open a hole.
>
> So we shall trust the same administrator he doesn't load
> the procfs.ko and mount /proc creating the security hole this way.
>
> Please note I agree with the conclusion - the offered patch
> shall be rejected. I disagree with explanation only. It's not as
> simple as presented.
I agree with D.E.S. about procfs, but by your argument by what I wrote
is a bad idea, would not PAM and any other form of authentication be a
bad idea?
More information about the freebsd-security
mailing list