PAM exec patch to allow PAM_AUTHTOK to be exported.
Zane C.B.
v.velox at vvelox.net
Sun May 20 23:59:40 UTC 2007
On Sun, 20 May 2007 17:49:19 +0200
Dag-Erling Smørgrav <des at des.no> wrote:
> "Zane C.B." <v.velox at vvelox.net> writes:
> > I figure some one here may find this interesting. I just begun
> > work on allowing a smb home directory to be automounted upon
> > login.
>
> Your patch opens a gaping security hole. Sensitive information
> should never be placed in the environment.
Unless I am missing something, this is only dangerous if one is doing
something stupid with what ever is being executed by pam_exec.
More information about the freebsd-security
mailing list