Date:      Tue, 29 Jun 1999 10:33:02 -0600 (MDT)
From:      Paul Hart <hart@iserver.com>
To:        dave <dave@comsite.net>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: A strange process
Message-ID:  <Pine.BSF.3.96.990629102912.24215A-100000@anchovy.orem.iserver.com>
In-Reply-To: <Pine.BSF.4.02A.9906291102300.11828-100000@bsdserve1.comsite.net>

On Tue, 29 Jun 1999, dave wrote:

> Having the password on the command line is a huge security hole, BTW...
> Even if the program erases it from argv, there is still the time between
> when the program is invoked and when it erases argv when the password can
> be grabbed.  A script doing nothing but ps would eventually grab one.

> > login -p zzzzzzzz

Uhh, are you thinking that "zzzzzzzz" is the password?  Maybe I'm missing
something but "man login" says:

SYNOPSIS
     login [-fp] [-h hostname] [user]

[...]

     -p      By default, login discards any previous environment.  The -p
             option disables this behavior.

Wouldn't that mean that "zzzzzzzz" is a username?

Paul Hart

--
Paul Robert Hart        ><8>  ><8>  ><8>        Verio Web Hosting, Inc.
hart@iserver.com        ><8>  ><8>  ><8>        http://www.iserver.com/
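
Added example, not part of the original message and not FreeBSD's login source: it splits the observed command line using the option string implied by the quoted SYNOPSIS, assuming getopt(3)-style parsing (Python's getopt module stands in for it). The function name classify and the "fh:p:" variant are hypothetical, included only to contrast a flag with an option that takes a value.

```python
import getopt

# Option string built from the SYNOPSIS quoted in the message:
#   login [-fp] [-h hostname] [user]
# A trailing ':' means the option consumes the next word as its argument.
LOGIN_OPTSTRING = "fh:p"

# Constructed contrast, not a real login(1) interface: here -p takes a value.
HYPOTHETICAL_OPTSTRING = "fh:p:"


def classify(argv, optstring=LOGIN_OPTSTRING):
    """Split argv[1:] into options and operands the way getopt(3) does."""
    opts, operands = getopt.getopt(argv[1:], optstring)
    flags = dict(opts)
    return {
        "p_seen": "-p" in flags,
        "p_value": flags.get("-p") or None,   # '' for a bare flag -> None
        "hostname": flags.get("-h"),
        "user": operands[0] if operands else None,
    }


if __name__ == "__main__":
    observed = ["login", "-p", "zzzzzzzz"]  # command line from the thread
    print("per man page   :", classify(observed))
    print("if -p took arg :", classify(observed, HYPOTHETICAL_OPTSTRING))
```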


