On 20/1/2000 Ben Gertzfield wrote:
OK, so why don't we take theirs? This is something that's really useful. :) What package would it go in under Debian?
I suppose it could be done, but maybe it would be a good idea to go over the code first to make sure you cannot trick it into running pam_start_root_shell.so or some other nasty flaw.
personally, when i used it I was not pleased with the defaults, which are to leak your X cookie to any user you su to. it does have a mechanism for the user to prevent there key from being exported to any user they do not specify, but i think that should be default. ie it should never leak the cookie unless the user explicitly adds the target user to the allow file. or perhaps only leaks it to root by default, but not other users.
but otoh maybe i'm being overly paranoid. ;-) -- Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/