[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] XOAUTH2 integration, and a few questions

From: Valdis . Kletnieks
Subject: Re: [Nmh-workers] XOAUTH2 integration, and a few questions
Date: Wed, 29 Jun 2016 10:01:56 -0400

On Wed, 29 Jun 2016 09:37:05 -0400, Ken Hornstein said:
> >I get it. Kerberos uses file permissions to protect the live token
> >(the /tmp/krb5_* file).  I just want to make sure we are not letting
> >things like that slip through, where people are not aware that, e.g.,
> >environment variables or process arguments aren't secure.
> I hear you.  Clearly from a security standpoint passing the bearer token
> via a process argument isn't a good idea.  Like I said, I'm willing to
> fix this if my solution is acceptable to everyone.

The usual way to do this is to open a file on /tmp, unlink it, scribble the
bits into the file, and pass the still-open file descriptor to the child
process and pass just a '-fd 5' or whatever to tell the child which descriptor
to read from....

Attachment: pgp35vcDb5qja.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]