<<< Date Index >>>     <<< Thread Index >>>

Re: Security vulnerability in APOP authentication



$LD_LIBRARY_PATH and $LD_PRELOAD?  You know, these are global
configuration variable, what's in here should be here for a reason.  It
offers many creative ways of shooting yourself in the foot, but it also
offers many useful way of solving real-life problems.  If you're not
confident in what's in the $PATH, just don't use the computer.  And if
you want a specific $PATH for mutt, that's easy to do with a wrapper
script.  But if every program has it's own idea of the PATH it's a real
nightmare for everybody.
Date: Sat, 17 Mar 2007 15:08:50 +0100
In-Reply-To: <qlkveh36fm7.fsf@xxxxxxxxxxxxxx> (=?iso-8859-1?Q?Ga=EBtan?=
 LEURENT's message of "Wed, 14 Mar 2007 15:53:36 +0100")
Message-ID: <qlk1wjohsi5.fsf@xxxxxxxxxxxxxx>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (usg-unix-v)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable


Ga=EBtan LEURENT wrote on 14 Mar 2007 15:53:36 +0100:

> I found a security vulnerability in the APOP authentication.  It is
> related to recent collision attacks by Wang and al. against MD5.

Does somebody care about this, are you all busy reinventing Unix's
$PATH?

--=20
Ga=EBtan LEURENT