Hacker News new | past | comments | ask | show | jobs | submit login

How does Passport find its credentials? IDK, but I'd guess there is a series something like: exec flag, envvar, config file in user's home directory, config file in default /etc location. Attackers would just use the same logic. That wouldn't get them the first thing in the list, but that's probably not how it was set up anyway. If one were worried about time, one could patch Passport to print the results after it had done the work itself.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact