Re: Security vulnerability in APOP authentication
Gaëtan LEURENT wrote on 14 Mar 2007 15:53:36 +0100:
> I found a security vulnerability in the APOP authentication. It is
> related to recent collision attacks by Wang and al. against MD5.
Does somebody care about this, are you all busy reinventing Unix's
$PATH?
By the way, what's the next step? Messing around $LD_LIBRARY_PATH and
$LD_PRELOAD? You know, these are global configuration variable, what's
in here should be here for a reason. It offers many creative ways of
shooting yourself in the foot, but it also offers many useful way of
solving real-life problems. If you're not confident in what's in the
$PATH, just don't use the computer. And if you want a specific $PATH
for mutt, that's easy to do with a wrapper script. But if every program
has it's own idea of the PATH it's a real nightmare for everybody.
[Sorry for the first broken version of this message]
--
Gaëtan LEURENT