On 13 June 2012 16:25, Edgaras <devoas_AT_gmail.com> wrote:
> I was thinking about password handling for such programs as ii, jj, ji and
> how to not store it anywhere, except maybe in the program itself in case of
> a needed reconnect. So I was playing a little with ji and it reads the pw
> from stdin like "ji -j jid_AT_sev < pw_file". Also recently I was reading
> about terminal options and the stty command; after thinking about it for a
> while I have come up with something like:
>
> stty -echo; cat | ji -j jid_AT_server ; stty echo; fg
>
> Though it is not fully refined, and since I failed to connect to gtalk and
> thus did not have any usage of ji yet, the idea seems promising. Disable
> echo so that no one could peek over the shoulder, enter pw, press ctrl-d a
> couple of times and pass it to the client, then enable echo again in case
> it is needed. So maybe such a solution could work with ii too. Or maybe I'm
> missing something and the pw still could be seen somehow even when using
> this way?
>
>
ii doesn't read anything from stdin. as long as it gets the
passwd as an argument, the passwd will be exposed.
not echoing the passwd may be wanted by people, but
that doesn't mean that it can't leak in other ways.

#!/bin/sh
# turn off echo while the password is typed, but still echo the newline
stty -echo echonl
printf "Enter password: "
read -r passwd
# restore the terminal settings changed above
stty echo -echonl
# the password is handed to ii as a command line argument
ii -n foo -k "$passwd" -.. &
printf "ii runs with pid: %s\n" "$!"

then try

$ ps -opid,cmd -p <pid>

--
*Ivan c00kiemon5ter V Kanakarakis* >:3
Received on Thu Jun 14 2012 - 00:27:42 CEST
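
The difference the reply points at, as an added example that is not part of the original messages: a secret passed as an argument is readable from the process list, while one written to the client's stdin is not. The `demo-client` name, the stand-in `sh -c` process used in place of ii/ji, and the secret value are all constructed for the illustration.

```shell
#!/bin/sh
# Added example: what other local processes can read when a secret is
# passed in argv versus on stdin. The client is a stand-in shell, not ii/ji.
SECRET='constructed-demo-secret'   # constructed sample value

# Print a pid's command line the way ps or any other local process sees it.
visible_cmdline() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"    # Linux: readable by default
    else
        ps -o args= -p "$1"                  # fallback where /proc is absent
    fi
}

# Exit status 0 if the secret appears in the command line of pid $1.
secret_visible() {
    sleep 1                                  # let the child finish exec()
    seen=$(visible_cmdline "$1")
    kill "$1" 2>/dev/null || true            # stop the stand-in client
    case $seen in
        *"$SECRET"*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Case 1: secret as an argument, like the -k option in the script above.
argv_leaks() {
    sh -c 'sleep 3; :' demo-client -k "$SECRET" &
    secret_visible "$!"
}

# Case 2: secret written to the client's stdin by the shell's builtin
# printf, so no process ever carries it in its argument vector.
stdin_leaks() {
    printf '%s\n' "$SECRET" | sh -c 'read -r pw; sleep 3; :' demo-client &
    secret_visible "$!"
}

if argv_leaks;  then echo "argv:  secret visible"; else echo "argv:  not visible"; fi
if stdin_leaks; then echo "stdin: secret visible"; else echo "stdin: not visible"; fi
```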