[PATCH][1/2] hal-luks-setup-linux: fix/cleanup password handling
David Zeuthen
david at fubar.dk
Wed Jan 31 16:58:40 PST 2007
On Wed, 2007-01-31 at 23:39 +0100, Danny Kukawka wrote:
> On Wednesday 31 January 2007 23:31, David Zeuthen wrote:
> [...]
> > Looks good to me; I was paranoid about the following
> >
> > #!/bin/sh
> > read foo
> > echo $foo
> >
> > and the caller passing in e.g.
> >
> > `echo owned | passwd --stdin root`
> >
> > but it seems this attack is not really possible yes? I couldn't
> > reproduce it anyway so if you agree go ahead and commit it please.
> > Thanks.
>
> This change was reviewed/discussed by/with the SUSE security team, therefore I
> would say there is no way to do something like that. ;-)
Cool. Go for it, thanks!
David
More information about the hal
mailing list