Date: Tue, 23 May 2000 03:56:32 -0700
From: Jan Koum
To: Brian Somers
Cc: Hajimu UMEMOTO, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, brian@hak.lan.Awfulhak.org
Subject: Re: cvs commit: src/lib/libfetch ftp.c
Message-ID: <20000523035632.D47375@ethereal.net>
References: <200005230806.JAA00873@hak.lan.Awfulhak.org>
In-Reply-To: <200005230806.JAA00873@hak.lan.Awfulhak.org>

yep, i meant 'ps -auxwe' ;) peter pointed out that ps in 4.x is fixed to
not show the environment, but what about clueless users putting
FTP_PASSWORD into .cshrc world readable files? (yeah, yeah, i know about
the evil .netrc file too :)

also, if another OS borrows this code from us without an audit and with
ps which does show -e, they will be in trouble. so i guess this is their
problem.

like i said: this is not a big deal or even an issue.

On Tue, May 23, 2000 at 09:06:08AM +0100, Brian Somers wrote:
> Do you mean ps -e ?  That hole was plugged (in -current anyway) a few
> months ago by phk so that only root or the same user can see the
> environment of a given process.
>
> > btw, putting passwords and passphrases into an environment variable has
> > always been bad, since anyone can read it with 'ps -auxww'
> >
> > not a big deal i guess as long as you know what you are doing...
> >
> > On Mon, May 22, 2000 at 06:01:14AM -0700, Hajimu UMEMOTO wrote:
> > > ume         2000/05/22 06:01:14 PDT
> > >
> > >   Modified files:
> > >     lib/libfetch         ftp.c
> > >   Log:
> > >   Use $FTP_PASSWORD for FTP password.  If $FTP_PASSWORD is not
> > >   found, `yourname@yourhost' is used.
> > >
> > >   Revision  Changes    Path
> > >   1.22      +12 -2     src/lib/libfetch/ftp.c
> >
> --
> Brian
>
> Don't _EVER_ lose your sense of humour !
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe cvs-all" in the body of the message
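
A check for the two at-rest exposures raised in this message (FTP_PASSWORD set in a shell rc file that others can read, and passwords kept in .netrc), as an added example that is not part of the original thread or of libfetch. The list of dotfiles and the matching patterns are assumptions; the script reports line numbers and file permissions only, never the stored value.

```python
import os
import re
import stat

# Assumed patterns: csh "setenv FTP_PASSWORD x", sh "[export] FTP_PASSWORD=x",
# and the "password x" token of a .netrc entry.
PATTERNS = {
    "env": re.compile(r"^\s*(?:setenv\s+FTP_PASSWORD\s+\S|(?:export\s+)?FTP_PASSWORD=\S)"),
    "netrc": re.compile(r"\bpassword\s+\S"),
}
# Assumed set of files to check; extend for other shells.
CANDIDATES = {".cshrc": "env", ".login": "env", ".profile": "env",
              ".bashrc": "env", ".netrc": "netrc"}


def audit_file(path, kind):
    """Return [(lineno, exposed)] for each stored password; never the value."""
    mode = os.stat(path).st_mode
    # exposed: group or other has read permission on the file
    exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    hits = []
    with open(path, "r", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            if line.lstrip().startswith("#"):
                continue  # commented-out assignments are not live
            if PATTERNS[kind].search(line):
                hits.append((lineno, exposed))
    return hits


def audit_home(home):
    """Map dotfile name -> hits for one home directory."""
    report = {}
    for name, kind in CANDIDATES.items():
        path = os.path.join(home, name)
        if os.path.isfile(path):
            hits = audit_file(path, kind)
            if hits:
                report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in audit_home(os.path.expanduser("~")).items():
        for lineno, exposed in hits:
            state = "readable by group/other" if exposed else "owner-only"
            print(f"{name}:{lineno}: stored FTP password, file is {state}")
```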