Securid env variables?

mackay at mackay at
Wed Sep 27 13:39:55 EDT 2000

From: Scott D. MacKay


    Wanted to drop a question on the SecurID Auth mechanism, based on some
interesting results I had during an install.

The problem I found revolved around the fact that SecurID utilizes 3
variables, as seen in the ACE SecurID examples section, which indicate
where SecurID related material resides.  These are, I believe, VAR_ACE,
USR_ACE, and DLC_ACE.  I have a concern that a user may be able to set
these before invoking SUDO and cause it to point to a potentailly malicious
area for authentication.  I have not reviewed the code well enough to be
positive, though.

I found this because my attemptive build failed to find the securid data

I was able to correct this (and close what I think may be a problem) by
adding the following 3 lines to securid.c at the start of  securid_init()


I would assume the 'correct' way to do this is via #define settings based
on your 'configure' settings, but wanted to see if others think this is a


More information about the sudo-workers mailing list