Date: Tue, 4 Jan 2000 16:29:04 -0800 (PST)
From: Kris Kennaway
To: Dominik Brettnacher
Cc: "sprice@hiwaay.net", kbyanc@posi.net, andrews@technologist.com, ports@freebsd.org, drbrain@toxic.magnesium.net
Subject: RE: Uptimes project has moved

On Tue, 4 Jan 2000, Dominik Brettnacher wrote:

> > One immediate problem I see with either version is that the password is
> > out in the open. Hardcoded in the binary you can get it with strings(1).
> > On the commandline and you can see it with ps(1).
>
> The program could call setproctitle(3) in order to avoid this.

There is still a race condition here. Reading from private data (e.g. a
mode 600 file) is the only way to be safe.

Kris
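
The mode 600 file approach recommended in the reply above, as an added example that is not part of the original message or of the port under discussion: the password never appears in argv or in the binary, and the file is rejected unless it is private. The function name `read_secret_file`, its return codes, and the extra owner and symlink checks are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return codes (names are this example's own). */
enum { SECRET_OK = 0, SECRET_EOPEN = -1, SECRET_EPERMS = -2, SECRET_EREAD = -3 };

/* Read a one-line secret from path into buf (NUL-terminated, newline stripped).
 * The file must be a regular file owned by the effective user with no
 * group/other permission bits, e.g. mode 600. */
int read_secret_file(const char *path, char *buf, size_t buflen)
{
    struct stat st;
    ssize_t n = 0;
    size_t used = 0;
    int fd;

    if (buflen < 2)
        return SECRET_EREAD;
    /* O_NOFOLLOW: refuse a symlink at the final path component. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return SECRET_EOPEN;
    /* Check the open descriptor, not the path, so the file that was
     * checked is the file that gets read. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return SECRET_EPERMS;
    }
    while (used < buflen - 1 &&
           (n = read(fd, buf + used, buflen - 1 - used)) > 0)
        used += (size_t)n;
    close(fd);
    buf[used] = '\0';
    buf[strcspn(buf, "\r\n")] = '\0';
    return (n >= 0 && buf[0] != '\0') ? SECRET_OK : SECRET_EREAD;
}

int main(int argc, char **argv)
{
    char pw[128];
    int rc = argc == 2 ? read_secret_file(argv[1], pw, sizeof pw) : SECRET_EOPEN;
    printf("%s\n", rc == SECRET_OK ? "secret loaded" : "refused");
    return rc == SECRET_OK ? 0 : 1;
}
```

Only the path of the file is passed on the command line, so ps(1) shows where the secret lives but not the secret itself.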