Re: [dev] [ii] exposed password on process monitoring

From: Ivan Kanakarakis <ivan.kanak_AT_gmail.com>
Date: Sat, 21 Apr 2012 02:52:17 +0300

On 21 April 2012 02:42, Bjartur Thorlacius <svartman95_AT_gmail.com> wrote:

> On Fri, 20 Apr 2012 00:37:40 -0000, Nico Golde <nico_AT_ngolde.de> wrote:
>
>> * Ivan Kanakarakis <ivan.kanak_AT_gmail.com> [2012-04-20 01:54]:
>>
>>> I think a nice thing to do that would also resolve the
>>> naming choice would be to have -k or some other argument
>>> mean that ii should read the -k flag as an env var. so
>>> $ ii -k IRCPASS
>>> would getenv("IRCPASS"), and
>>> $ ii -k OFTCPASS
>>> would getenv("OFTCPASS")
>>> etc
>>>
>>
>> I agree this is actually also a very nice solution! I will think about
>> that a little before I commit.
>>
> Environment variables are of course also visible using ps (probably ps e
> or ps -e,


dah

  $ ps e -C ii | grep -o "IIPASS=[^ ]*"
  IIPASS="foobar"



> depending on your system, but I'm not on a Unix to test atm). I don't
> think, however, that they're leaked on any modern Unix starting with
> Solaris 9.
> Given this list's fetish for esoteric systems, we should tread carefully
> and test before making choices. I recommend using regular files whose
> permissions are better understood. But then again, files are usually
> world-readable by default whereas environment variables nowadays are not,
> so environment variables make at least equal sense.
>
> [Note to self: Party, not write, after eleven o'clock.]
> --
> -,Bjartur
>
>


-- 
*Ivan c00kiemon5ter V Kanakarakis*  >:3
Received on Sat Apr 21 2012 - 01:52:17 CEST
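
Added example, not part of the thread and not ii's code: one way to handle the password-file option raised above, where the concern is that files are usually world-readable by default. The helper name `read_pass_file()` and its return codes are hypothetical; it refuses any file that group or others can access, checking the open descriptor rather than the path.

```c
/* Added example, not ii source; read_pass_file() is a hypothetical helper. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reads the first line of `path` into buf. Returns 0 on success,
 * -1 if the file cannot be opened or read, -2 if it is not a regular
 * file owned by us, -3 if group or others have any access to it. */
int read_pass_file(const char *path, char *buf, size_t len)
{
	struct stat st;
	ssize_t n;
	int fd;

	if (len == 0 || (fd = open(path, O_RDONLY)) < 0)
		return -1;
	/* fstat the open descriptor, not the path, so the file that is
	 * checked is the same file that is read afterwards. */
	if (fstat(fd, &st) < 0) {
		close(fd);
		return -1;
	}
	if (!S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
		close(fd);
		return -2;
	}
	if (st.st_mode & (S_IRWXG | S_IRWXO)) {
		close(fd);
		return -3;
	}
	n = read(fd, buf, len - 1);
	close(fd);
	if (n < 0)
		return -1;
	buf[n] = '\0';
	buf[strcspn(buf, "\r\n")] = '\0';	/* drop the trailing newline */
	return 0;
}

int main(int argc, char **argv)
{
	char pass[512];
	int rc = argc > 1 ? read_pass_file(argv[1], pass, sizeof pass) : -1;
	printf("read_pass_file: %d\n", rc);	/* status only, never the password */
	return rc ? 1 : 0;
}
```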
