[dev] [ii] exposed password on process monitoring

From: Ivan Kanakarakis <ivan.kanak_AT_gmail.com>
Date: Thu, 19 Apr 2012 18:54:29 +0300

Hi all,

I'm using ii lately as my irc client (written a simple frontend too -- will
post on another mail)
What I noticed (and is expected) is that because ii takes as an argument
the password/-k,
the password is exposed to anyone that can see what processes are running
try running ii with -k yourpasswd and see the output of

  $ ps -o cmd -C ii
  ii -k allyourpasswdarebelongtous ..

As no process can hide its arguments, how should one go around this ?

I guess some possible workarounds would be
- reading the passwd from an environmental var (is that any safer?)
- reading the passwd from a file (overkill ?)
- ?

what do you people think ?
should this be 'fixed' in ii ?

*Ivan c00kiemon5ter V Kanakarakis *
Received on Thu Apr 19 2012 - 17:54:29 CEST

This archive was generated by hypermail 2.3.0 : Thu Apr 19 2012 - 18:00:09 CEST