top | item 28276200

(no title)

wowaname | 4 years ago

There are some issues with nuvious' pam-duress that allow for untrusted string inputs when handling scripts with system() call, and I sent a patch to them via E-mail in an attempt to highlight the issues and provide a basis for a better way to handle it.

discuss

nuvious|4 years ago

Hey, just found that patch in my email. Will try to get that encoded into a formal issues on the project. If you have time yourself feel free to that or any other issue yourself. Also looking for 3rd party reviews on the PR's I have open now and into the future.

wowaname|4 years ago

I don't use Github, but thanks for confirming you received it, and feel free to take time to get around to it.