[pam_extern] Version 0.3 released
by Benjamin Schieder
This release fixes a critical security flaw. The password used to be passed to the program in the environment variable 'AuthToken'. I was unaware that environment variables can be seen in the output of (on Linux) 'ps auxe'.
The password is now passed on STDIN.
Furthermore, possible out-of-memory problems are now handled by aborting the authentication if a call to malloc(2) fails.
Also, all malloc'd buffers are no longer simply free'd, but handled by _pam_overwrite and _pam_drop.
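As an added illustration, not pam_extern's own code, the following C snippet shows the three fixes described above in one place: the password is handed to the external program over a pipe on its stdin rather than in its environment, the authentication is abandoned if malloc fails, and the heap copy of the password is zeroed before it is freed. The wipe/drop helpers and the `/bin/sh` checker program are assumptions for the demo.

```c
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Zero a secret before freeing it so it does not linger on the heap (volatile
 * keeps the compiler from dropping the "dead" stores). Assumed stand-ins for
 * PAM's _pam_overwrite/_pam_drop, not pam_extern's own code. */
static void wipe_secret(char *buf, size_t len) {
    volatile char *p = (volatile char *)buf;
    while (len--) *p++ = 0;
}
static void drop_secret(char **buf, size_t len) {
    if (*buf) { wipe_secret(*buf, len); free(*buf); *buf = NULL; }
}

/* Run argv[0] with the secret delivered on its stdin. The secret appears in
 * neither argv nor the environment, so `ps auxe` cannot display it.
 * Returns the child's exit status, or -1 on any failure (treat as auth failure). */
int run_with_secret_on_stdin(char *const argv[], const char *secret) {
    int fds[2], status;
    if (pipe(fds) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                             /* child: pipe read end -> stdin */
        close(fds[1]);
        if (dup2(fds[0], STDIN_FILENO) != -1) { close(fds[0]); execv(argv[0], argv); }
        _exit(127);                             /* dup2 or exec failed */
    }
    close(fds[0]);
    signal(SIGPIPE, SIG_IGN);                   /* child may exit before reading */
    size_t len = strlen(secret);                /* parent: secret, newline, then EOF */
    int ok = write(fds[1], secret, len) == (ssize_t)len && write(fds[1], "\n", 1) == 1;
    close(fds[1]);
    if (waitpid(pid, &status, 0) == -1 || !ok) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Demo: a shell helper that accepts only the constructed password "hunter2". */
int check_with_shell_helper(const char *secret) {
    char *argv[] = { "/bin/sh", "-c", "read -r p && [ \"$p\" = hunter2 ]", NULL };
    size_t len = strlen(secret) + 1;
    char *copy = malloc(len);
    if (!copy) return -1;                       /* abort auth if malloc fails */
    memcpy(copy, secret, len);
    int rc = run_with_secret_on_stdin(argv, copy);
    drop_secret(&copy, len);                    /* overwrite, then free */
    return rc;
}
```

A return value of 0 means the helper accepted the password; anything else, including -1 for a pipe, fork or allocation failure, is treated as an authentication failure.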
Everyone is strongly advised to update! Your passwords are at risk :-)