I figure some one here may find this interesting. I just begun work on allowing a smb home directory to be automounted upon login. -------------- next part -------------- A non-text attachment was scrubbed... Name: pam_exec.c.diff Type: text/x-patch Size: 213 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20070519/19e6bd01/pam_exec.c.bin
Dag-Erling Smørgrav
2007-May-20 16:21 UTC
PAM exec patch to allow PAM_AUTHTOK to be exported.
"Zane C.B." <v.velox@vvelox.net> writes:> I figure some one here may find this interesting. I just begun work > on allowing a smb home directory to be automounted upon login.Your patch opens a gaping security hole. Sensitive information should never be placed in the environment. DES -- Dag-Erling Sm?rgrav - des@des.no
On Sun, 20 May 2007 17:49:19 +0200 Dag-Erling Sm?rgrav <des@des.no> wrote:> "Zane C.B." <v.velox@vvelox.net> writes: > > I figure some one here may find this interesting. I just begun > > work on allowing a smb home directory to be automounted upon > > login. > > Your patch opens a gaping security hole. Sensitive information > should never be placed in the environment.Unless I am missing something, this is only dangerous if one is doing something stupid with what ever is being executed by pam_exec.