Re: [dev] [ii] exposed password on process monitoring

From: Calvin Morrison <mutantturkey_AT_gmail.com>
Date: Sat, 16 Jun 2012 10:44:33 -0400

Ah how silly of me
On Jun 16, 2012 8:06 AM, "Andrew Hills" <hills.as_AT_gmail.com> wrote:

> On Fri, Jun 15, 2012 at 7:14 PM, Calvin Morrison <mutantturkey_AT_gmail.com>
> wrote:
> > On Jun 15, 2012 6:13 PM, "Kurt H Maier" <khm-suckless_AT_intma.in> wrote:
> >> On Fri, Jun 15, 2012 at 05:28:14PM -0400, Calvin Morrison wrote:
> >> > Why not just pass the argument from a file?
> >> >
> >> > Exec --flag `cat password-file`
> >> hahahah
> > What is so funny?
>
> Try this for me: take the attached file, argv.c, and drop it
> somewhere; find it, run "make argv", and then do something like:
> $ echo secretpassword > passwordfile
> $ ./argv `cat passwordfile`
> Look at the output. If you haven't caught on yet, run ps or top and
> look at the process. Make sense now?
>
> --Andrew Hills
>
Received on Sat Jun 16 2012 - 16:44:33 CEST

This archive was generated by hypermail 2.3.0 : Sat Jun 16 2012 - 16:48:03 CEST