xauth: needs cookie handling warnings in man page
Alan Coopersmith
alan.coopersmith at oracle.com
Mon Jul 25 13:45:36 PDT 2011
On 07/22/11 20:18, Michael Gilbert wrote:
> Hi,
>
> Insecure xauth usage has lead to a few security bugs recently fixed in
> Debian. Man page warnings may guide users/developers toward more secure
> usages. See attached patch for a possible solution.
Are you adding warnings to every man page for every program that users may
pass secret data to on the command line? Seems like a huge task, and I'd
hope there's a better way to educate script writers not to do that for any
command, not just those with man page warnings. (Though I can't actually
think of one of the top of my head at the moment.)
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Platform Engineering: X Window System
More information about the xorg-devel
mailing list