From owner-cvs-all Sun Aug 5 8:25:47 2001 Delivered-To: cvs-all@freebsd.org Received: from arb.arb.za.net (arb.arb.za.net [196.7.148.4]) by hub.freebsd.org (Postfix) with ESMTP id 2FDAB37B401; Sun, 5 Aug 2001 08:25:38 -0700 (PDT) (envelope-from mark@grondar.za) Received: (from uucp@localhost) by arb.arb.za.net (8.11.3/8.11.3) with UUCP id f75FMuf41950; Sun, 5 Aug 2001 17:22:56 +0200 (SAST) (envelope-from mark@grondar.za) Received: from grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.11.5/8.11.4) with ESMTP id f75EcmZ04259; Sun, 5 Aug 2001 15:38:48 +0100 (BST) (envelope-from mark@grondar.za) Message-Id: <200108051438.f75EcmZ04259@grimreaper.grondar.za> To: "Andrey A. Chernov" Cc: Bill Fenner , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libopie Makefile References: <20010805023456.A36079@nagual.pp.ru> In-Reply-To: <20010805023456.A36079@nagual.pp.ru> ; from "Andrey A. Chernov" "Sun, 05 Aug 2001 02:34:56 +0400." Date: Sun, 05 Aug 2001 15:38:47 +0100 From: Mark Murray Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > That is a bug that needs to be fixed in its own right. > > It is not a bug, it is official way OPIE detects that connection is > secure. That is, via environment variable :-( But environment variables are spoofable and therefore insecure. It may be the way that OPIE does it, but it is an insecure algorithm and it needs to be fixed. (I have a partial fix that does ttys(5) secure detection). > Do you know secure ways to detect running on X console? Or running under > SSH connection? X is pretty much by definition insecure, but there are ways of securing xterms. I am looking at how to detect this. I'm not sure how to detect SSH, but I'll listen to suggestions. M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message