Matthias Drochner wrote:
> The backside is that if one succeeds to eavesdrop the
> communication between the (unprivileged) client program
> and the SUID helper, he gets the plaintext password and
> no strong passwd encryption will help.

Out of curiosity, is it possible to grab the pipe from /proc/<pid>/fd/0 and
then read the input before the helper does?

> One can argue (as does Joerg) that such an attacker could
> listen to X11 events carrying the passwd as well, so there
> is no additional danger.

That's one reason why I prefer the console over X for certain things.

-- 
Christian