Re: [dev] [ii] exposed password on process monitoring

From: Bjartur Thorlacius <>
Date: Fri, 20 Apr 2012 23:42:57 -0000

On Fri, 20 Apr 2012 00:37:40 -0000, Nico Golde <> wrote:
> * Ivan Kanakarakis <> [2012-04-20 01:54]:
>> I think a nice thing to do that would also resolve the
>> naming choice would be to have -k or some other argument
>> mean that ii should read the -k flag as an env var. so
>> $ ii -k IRCPASS
>> would getenv("IRCPASS"), and
>> $ ii -k OFTCPASS
>> would getenv("OFTCPASS")
>> etc
> I agree this is actually also a very nice solution! I will think about
> that a
> little before I commit.
Environment variables are of course also visible using ps (probably ps e
or ps -e, depending on your system, but I'm not on a unice to test atm). I
don't think, however, that they're leaked on any modern Unix starting with
Solaris 9.
Given this lists fetish for esoteric systems, we should tread carefully
and test before making choices. I recommend using regular files whose
permissions are better understood. But then again, files are usually
world-readable by default whereas environment variables nowadays are not,
so environment variables make at least equal sense.

[Note to self: Party, not write, after eleven o'clock.]
Received on Sat Apr 21 2012 - 01:42:57 CEST

This archive was generated by hypermail 2.3.0 : Sat Apr 21 2012 - 01:48:04 CEST