Subject: Re: suid helper to verify own passwd
To: Christian Biere <firstname.lastname@example.org>
From: Thor Lancelot Simon <email@example.com>
Date: 12/21/2006 21:33:44
On Fri, Dec 22, 2006 at 03:29:28AM +0100, Christian Biere wrote:
> Christian Biere wrote:
> > > static char pwbuf;
> > pwbuf is/must be NUL-terminated?
> Ok, I noticed that pwbuf is static and the check for buflen==0.
> I guess using a mlock()ed buffer instead would be paranoid?
What exactly is the point of this? The program which prompted for the
user's password, after all, will not be mlocked, and could be swapped
Thor Lancelot Simon firstname.lastname@example.org
"The liberties...lose much of their value whenever those who have greater
private means are permitted to use their advantages to control the course
of public debate." -John Rawls