Date: Mon, 3 Jan 2000 16:52:17 -0600 (CST) From: Steve Price <sprice@hiwaay.net> To: Kelly Yancey <kbyanc@posi.net> Cc: Will Andrews <andrews@TECHNOLOGIST.COM>, ports@FreeBSD.ORG, "Dr. Brain" <drbrain@toxic.magnesium.net> Subject: RE: Uptimes project has moved Message-ID: <Pine.OSF.4.21.0001031644520.28305-100000@fly.HiWAAY.net> In-Reply-To: <Pine.BSF.4.05.10001031735540.20196-100000@kronos.alcnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 Jan 2000, Kelly Yancey wrote: # The version I was looking at was 4.03 and was named upclient-4.03.tar.gz # (http://www.uptimes.net/download/upclient-4.03.tar.gz). All the # parameters: username/password, host ID, and any proxy server settings were # all compiled in. It is unreasonable to try and collect all this # information before installing the port. If someone adds command-line # parsing, perhaps the author would release a version 4.04 which would be a # more straightforward port. One immediate problem I see with either version is that the password is out in the open. Hardcoded in the binary you can get it with strings(1). On the commandline and you can see it with ps(1). The executable either needs to get the password when it is started (interactively) or from a config file which is mode 0400. That said it is probably better to put the readConfig routine back and get it from a config file so that one could have an /usr/local/etc/rc.d/upclient.sh that started this jewel on bootup. Of course it may not be that critical to secure the password and it would pointless for me to bring this up. :) -steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.OSF.4.21.0001031644520.28305-100000>