[PATCH][1/2] hal-luks-setup-linux: fix/cleanup password handling
Danny Kukawka
danny.kukawka at web.de
Wed Jan 31 14:39:24 PST 2007
On Wednesday 31 January 2007 23:31, David Zeuthen wrote:
[...]
> Looks good to me; I was paranoid about the following
>
> #!/bin/sh
> read foo
> echo $foo
>
> and the caller passing in e.g.
>
> `echo owned | passwd --stdin root`
>
> but it seems this attack is not really possible yes? I couldn't
> reproduce it anyway so if you agree go ahead and commit it please.
> Thanks.
This change was reviewed/discussed by/with the SUSE security team, therefore I
would say there is no way to do something like that. ;-)
Danny
More information about the hal
mailing list