
Re: [Nmh-workers] XOAUTH2 integration, and a few questions

2016-06-29 10:44:03
On Wed, 29 Jun 2016 09:37:05 -0400, Ken Hornstein said:
I get it. Kerberos uses file permissions to protect the live token
(the /tmp/krb5_* file).  I just want to make sure we are not letting
things like that slip through, where people are not aware that, e.g.,
environment variables or process arguments aren't secure.

I hear you.  Clearly from a security standpoint passing the bearer token
via a process argument isn't a good idea.  Like I said, I'm willing to
fix this if my solution is acceptable to everyone.

The usual way to do this is to open a file on /tmp, unlink it, scribble the
bits into the file, and pass the still-open file descriptor to the child
process and pass just a '-fd 5' or whatever to tell the child which descriptor
to read from....
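
The descriptor-passing approach described in the message above, as an added example that is not part of the original post or of nmh's code. The function names, the `/tmp/tokenXXXXXX` template and the sample token are assumptions made for illustration, and the child here is only forked, where a real one would be exec'd with the same `-fd N` arguments.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Parent side: write the secret to an unlinked temp file, return the open fd. */
int secret_to_fd(const char *secret)
{
    char path[] = "/tmp/tokenXXXXXX";   /* constructed template name */
    ssize_t len = (ssize_t)strlen(secret);
    int fd = mkstemp(path);             /* mode 0600, not close-on-exec */
    if (fd < 0)
        return -1;
    unlink(path);                       /* name gone; data lives until last close */
    if (write(fd, secret, len) == len && lseek(fd, 0, SEEK_SET) == 0)
        return fd;
    close(fd);
    return -1;
}

/* Child side: parse "-fd N" and read the secret from descriptor N. */
ssize_t secret_from_args(char *const argv[], char *buf, size_t buflen)
{
    if (!argv[1] || !argv[2] || strcmp(argv[1], "-fd") != 0 || buflen == 0)
        return -1;
    ssize_t n = read(atoi(argv[2]), buf, buflen - 1);
    if (n >= 0)
        buf[n] = '\0';
    return n;
}

/* Fork a child that is told only "-fd N"; returns 0 if it read the secret back. */
int pass_secret(const char *secret)
{
    char num[16], buf[256];
    int status, fd = secret_to_fd(secret);
    if (fd < 0)
        return -1;
    snprintf(num, sizeof num, "%d", fd);
    char *child_argv[] = { "child", "-fd", num, NULL };
    pid_t pid = fork();
    if (pid == 0)   /* a real child would be exec'd with child_argv */
        _exit(secret_from_args(child_argv, buf, sizeof buf) < 0 || strcmp(buf, secret) != 0);
    close(fd);
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
int main(void) { return pass_secret("constructed-bearer-token"); }
```

Only the descriptor number appears in the child's argument list, so the token is not visible in process listings, and the unlinked file leaves no path in `/tmp` for another process to open.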
