Date: Fri, 12 Nov 1999 20:53:03 -0500 (EST) From: Robert Watson <robert@cyrus.watson.org> To: Alexander Leidinger <A.Leidinger@WJPServer.CS.Uni-SB.de> Cc: dcs@newsguy.com, current@freebsd.org Subject: Re: "man" reads /etc/rc.conf? Message-ID: <Pine.BSF.3.96.991112205030.45270E-100000@fledge.watson.org> In-Reply-To: <199911101822.TAA00926@work.net.local>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 10 Nov 1999, Alexander Leidinger wrote: > On 11 Nov, Daniel C. Sobral wrote: > >> >> (102) netchild@ttyp2 > grep cat /etc/rc.conf.local > >> >> spppconfig_isp0=3D"`cat /etc/isdn/connect.parameters`" > > ^^^ > > Calling programs from any of the rc.conf files is considered evil > > and it's looked down on. >=20 > It=B4s there to hide login/passwd information for i4b. But it seems like the end up as arguments to ifconfig at a later date, where a user can pull them out of ps, /proc, etc. The window there is clearly shorter than keeping it in /etc/rc.conf, but still not "secure" per se. The same goes for the use of environmental variables, which can also be listed using ps. Probably spppconfig should accept a filename with the contents as an argument, or the information via a pipe. =20 Robert N M Watson=20 robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.991112205030.45270E-100000>