Re: [dev] [ii] exposed password on process monitoring

From: Andrew Hills <hills.as_AT_gmail.com>
Date: Thu, 14 Jun 2012 22:40:49 -0400

If you don't want the password argument to appear in ps/top listings,
you can write over argv like curl does (see references to
cleanarg(char*) in src/tool_getparam.c and the function definition in
tool_paramhlp.c:133, at least in curl-7.26.0). I'm pretty sure that
writable argv is guaranteed by C89, although that doesn't really mean
anything in practice... but it works on Linux.

--Andrew Hills
Received on Fri Jun 15 2012 - 04:40:49 CEST

This archive was generated by hypermail 2.3.0 : Fri Jun 15 2012 - 04:48:04 CEST