Date: Tue, 29 Jun 1999 11:04:40 -0500 (CDT)
From: dave <dave@comsite.net>
To: Bill Fumerola <billf@jade.chc-chimes.com>
Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>, "N.N.M" <madrapour@hotmail.com>, freebsd-security@FreeBSD.ORG
Subject: Re: A strange process
Message-ID: <Pine.BSF.4.02A.9906291102300.11828-100000@bsdserve1.comsite.net>
In-Reply-To: <Pine.BSF.3.96.990629113640.22364C-100000@jade.chc-chimes.com>

Having the password on the command line is a huge security hole, BTW...
Even if the program erases it from argv, there is still the time between
when the program is invoked and when it erases argv when the password can
be grabbed. A script doing nothing but ps would eventually grab one.

On Tue, 29 Jun 1999, Bill Fumerola wrote:

> On 29 Jun 1999, Dag-Erling Smorgrav wrote:
>
> > Bill Fumerola <billf@jade.chc-chimes.com> writes:
> > > On Tue, 29 Jun 1999, N.N.M wrote:
> > > > login -p zzzzzzzz
> > >
> > > The password given at the command line, however login 'hides' that
> > > password in the process list so people snooping around don't catch it.
> >
> > No. 'man login'.
>
> Oh, well, that's what the mysql client does, I just made a guess. :>
>
> - bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp -
> - ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org -
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
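
The argv exposure discussed in the message above, seen from the audit side, as an added example that is not part of the original thread: it scans a process-list snapshot for commands that carry a secret in their arguments and reports them with the value redacted. The snapshot is constructed, and the `ps -axww -o pid,user,command` column layout, the option names matched and the program list are assumptions of this example.

```python
import re
import shlex

# Constructed sample of `ps -axww -o pid,user,command` output (not from the thread).
PS_SNAPSHOT = """\
  PID USER     COMMAND
  412 root     login -p zzzzzzzz
  977 alice    mysql -u app -pS3cr3tValue appdb
  981 bob      mysql --password=hunter2 -h db1 reports
  990 carol    mysql -u carol -p appdb
 1002 dave     mysqldump --user=backup --password appdb
"""

# Programs whose -p option carries a password (assumed list). login(1) is
# deliberately absent: its -p preserves the environment, it takes no password.
SHORT_P_PROGRAMS = {"mysql", "mysqldump", "mysqladmin"}
LONG_OPT = re.compile(r"^--(password|passwd)=(.+)$")


def audit(ps_text):
    """Return (pid, user, program, redacted_option) for each exposed secret."""
    findings = []
    for line in ps_text.splitlines()[1:]:        # skip the header row
        fields = line.split(None, 2)
        if len(fields) < 3:
            continue
        pid, user, command = fields
        try:
            argv = shlex.split(command)
        except ValueError:                       # unbalanced quote in the ps line
            argv = command.split()
        if not argv:
            continue
        program = argv[0].rsplit("/", 1)[-1]     # drop any leading path
        for arg in argv[1:]:
            m = LONG_OPT.match(arg)
            if m:                                # --password=VALUE form
                findings.append((int(pid), user, program, "--%s=<redacted>" % m.group(1)))
            elif program in SHORT_P_PROGRAMS and arg.startswith("-p") and len(arg) > 2:
                findings.append((int(pid), user, program, "-p<redacted>"))
            # A bare -p or --password makes the client prompt: nothing in argv.
    return findings


if __name__ == "__main__":
    for pid, user, program, option in audit(PS_SNAPSHOT):
        print("pid %d (%s): %s exposes a secret via %s" % (pid, user, program, option))
```

A single snapshot only catches processes that have not yet overwritten their argv, so an empty result does not show that no secret was ever exposed.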