[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: bunch of questions: pam_unix implementation... (long)



"Michael Ju. Tokarev" wrote:
> 4.a. why current pam_unix uses "strange" method of "storing" password
> afetr a user prompt?  Here is a simplified code:
> 
>   pam_converse(..., &resp, ...);
>   pass = strdup(resp[0].resp);
>   pam_drop_reply(resp);

I think this was intended (one late night) as a paranoia thing. The
intention was to explicitly break the link between any dangling pointer
reference in some state that the application (conversation function)
might have, to the current location of the password. The reasoning being
that it is easier to audit a module's use of a password if you know
there are no other references to the memory it is stored in (outside the
module and by extension the libc it uses for something like strdup()).

That was the intention at least, hindsight and years later, it looks a
little optimistic.

Cheers

Andrew





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []