[6890] in Athena Bugs
vax 7.2P: /bin/login
daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Mon Jan 14 11:01:41 1991
Date: Mon, 14 Jan 91 11:01:30 -0500
From: John T Kohl <jtkohl@MIT.EDU>
To: bugs@MIT.EDU
System name: lycus
Type and version: CVAXSTAR 7.2P
Display type: SM
What were you trying to do?
inspect the code in login.c
What's wrong:
It can leave the service key for rcmd.<hostname> on the stack,
which might get exposed.
What should have happened:
It should zero out the key when it's finished using it, as it
does with the ticket and authenticator.
Please describe any relevant documentation references:
/source/athena/bin/login/login.c
