Re: Security vulnerability in APOP authentication
$LD_LIBRARY_PATH and $LD_PRELOAD? You know, these are global
configuration variable, what's in here should be here for a reason. It
offers many creative ways of shooting yourself in the foot, but it also
offers many useful way of solving real-life problems. If you're not
confident in what's in the $PATH, just don't use the computer. And if
you want a specific $PATH for mutt, that's easy to do with a wrapper
script. But if every program has it's own idea of the PATH it's a real
nightmare for everybody.
Date: Sat, 17 Mar 2007 15:08:50 +0100
In-Reply-To: <qlkveh36fm7.fsf@xxxxxxxxxxxxxx> (=?iso-8859-1?Q?Ga=EBtan?=
LEURENT's message of "Wed, 14 Mar 2007 15:53:36 +0100")
Message-ID: <qlk1wjohsi5.fsf@xxxxxxxxxxxxxx>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (usg-unix-v)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Ga=EBtan LEURENT wrote on 14 Mar 2007 15:53:36 +0100:
> I found a security vulnerability in the APOP authentication. It is
> related to recent collision attacks by Wang and al. against MD5.
Does somebody care about this, are you all busy reinventing Unix's
$PATH?
--=20
Ga=EBtan LEURENT