Re: [dev] [ii] exposed password on process monitoring

From: Andrew Hills <hills.as_AT_gmail.com>
Date: Sat, 16 Jun 2012 08:05:45 -0400

On Fri, Jun 15, 2012 at 7:14 PM, Calvin Morrison <mutantturkey_AT_gmail.com> wrote:
> On Jun 15, 2012 6:13 PM, "Kurt H Maier" <khm-suckless_AT_intma.in> wrote:
>> On Fri, Jun 15, 2012 at 05:28:14PM -0400, Calvin Morrison wrote:
>> > Why not just pass the argument from a file?
>> >
>> > Exec --flag `cat password-file`
>> hahahah
> What is so funny?

Try this for me: take the attached file, argv.c, and drop it
somewhere; find it, run "make argv", and then do something like:
$ echo secretpassword > passwordfile
$ ./argv `cat passwordfile`
Look at the output. If you haven't caught on yet, run ps or top and
look at the process. Make sense now?

--Andrew Hills

Received on Sat Jun 16 2012 - 14:05:45 CEST
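The effect described in the message above, as an added example that is not part of the thread and is not the argv.c attachment: on Linux, a child's argument vector is readable by other users through /proc/<pid>/cmdline, which is where ps and top get it, while data written to the child's stdin is not. The function name secret_visible, the "sh -c 'read x'" child and the polling interval are assumptions made for this illustration.

```c
/* Added example (Linux): can other users see a secret in a child's argv? */
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run "sh -c 'read x'" with `secret` as an extra argv word (via_argv != 0)
 * or written to its stdin. Returns 1 if the secret shows up in
 * /proc/<pid>/cmdline (what ps and top read), 0 if not, -1 on error. */
int secret_visible(const char *secret, int via_argv)
{
    int in[2], found = -1;
    char buf[4096], path[64];
    if (pipe(in) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: stdin is the pipe */
        dup2(in[0], 0);
        close(in[0]); close(in[1]);
        execl("/bin/sh", "sh", "-c", "read x", "sh",
              via_argv ? secret : (char *)NULL, (char *)NULL);
        _exit(127);
    }
    close(in[0]);
    snprintf(path, sizeof path, "/proc/%d/cmdline", (int)pid);
    for (int tries = 0; tries < 400 && found < 0; tries++) {
        int fd = open(path, O_RDONLY);
        ssize_t n = fd < 0 ? 0 : read(fd, buf, sizeof buf - 1);
        if (fd >= 0) close(fd);
        buf[n > 0 ? n : 0] = '\0';
        if (strcmp(buf, "sh") != 0) { usleep(5000); continue; } /* exec pending */
        found = 0;                        /* cmdline = argv joined by NULs */
        for (ssize_t i = 0; i < n; i += strlen(buf + i) + 1)
            if (strcmp(buf + i, secret) == 0) found = 1;
    }
    if (!via_argv && found == 0 && write(in[1], secret, strlen(secret)) < 0)
        found = -1;                       /* stdin never appears in ps */
    close(in[1]);                         /* EOF lets the child exit */
    waitpid(pid, NULL, 0);
    return found;
}

int main(void)
{
    printf("argv:  %d\n", secret_visible("secretpassword", 1));
    printf("stdin: %d\n", secret_visible("secretpassword", 0));
    return 0;
}
```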
