From owner-freebsd-security Tue Aug 11 17:41:49 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA10258 for freebsd-security-outgoing; Tue, 11 Aug 1998 17:41:49 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mail1.its.rpi.edu (mail1.its.rpi.edu [128.113.100.7]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA10228 for ; Tue, 11 Aug 1998 17:41:38 -0700 (PDT) (envelope-from drosih@rpi.edu) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail1.its.rpi.edu (8.8.8/8.8.6) with ESMTP id UAA24998; Tue, 11 Aug 1998 20:41:22 -0400 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Sender: drosih@pop1.rpi.edu Message-Id: In-Reply-To: Date: Tue, 11 Aug 1998 20:45:13 -0400 To: mtaylor@cybernet.com, freebsd-security@FreeBSD.ORG From: Garance A Drosihn Subject: Re: Possible security "risk" in ftp client Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 4:38 PM -0400 8/11/98, Mark J. Taylor wrote: > This is actually quite bad: any "ps -ax" will show the username > and password. Using setproctitle(3) would be an attempt to close > this, but it would create a race condition. > > The program "/usr/bin/fetch" does it better: use the environment > variables FTP_LOGIN and FTP_PASSWORD. I guess you haven't tried 'ps -axeww' very often... At the very least, it does sound like a good idea to have the ftp client call setproctitle (or whatever) to reduce the security exposure of the current behavior, but changing it to use environment variables would be a step backwards... --- Garance Alistair Drosehn = gad@eclipse.its.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message