Date: Sun, 5 Aug 2001 02:34:56 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Mark Murray <mark@grondar.za> Cc: Bill Fenner <fenner@research.att.com>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libopie Makefile Message-ID: <20010805023456.A36079@nagual.pp.ru> In-Reply-To: <200108041415.f74EFhr12941@grimreaper.grondar.za> References: <20010803221915.A16875@nagual.pp.ru> <200108041415.f74EFhr12941@grimreaper.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Aug 04, 2001 at 15:15:43 +0100, Mark Murray wrote: > > Exact the same thing I say. Why pretend to be more secure (really _false_ > > secure) since this sort of security can be easily overriden by even not so > > expirienced hacker using > > > > "echo mypassphrase | env DISPLAY=:0 otp-md5 ..." > > > > and the same tricks? > > That is a bug that needs to be fixed in its own right. It is not a bug, it is official way OPIE detects that connection is secure. That is, via environment variable :-( Do you know secure ways to detect running on X console? Or running under SSH connection? -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010805023456.A36079>