tech-security: Re: suid helper to verify own passwd

Subject: Re: suid helper to verify own passwd
To: None <tech-security@netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: tech-security
Date: 12/22/2006 03:29:28

Christian Biere wrote:
> > static char pwbuf[1024];
> pwbuf is/must be NUL-terminated?

Ok, I noticed that pwbuf[] is static and the check for buflen==0.
I guess using a mlock()ed buffer instead would be paranoid?

-- 
Christian