Re: [dev] [ii] exposed password on process monitoring

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Rob <robpilling_AT_gmail.com>
Date: Fri, 15 Jun 2012 12:53:07 +0100

On 15 June 2012 03:40, Andrew Hills <hills.as_AT_gmail.com> wrote:
> If you don't want the password argument to appear in ps/top listings,
> you can write over argv like curl does (see references to
> cleanarg(char*) in src/tool_getparam.c and the function definition in
> tool_paramhlp.c:133, at least in curl-7.26.0). I'm pretty sure that
> writable argv is guaranteed by C89, although that doesn't really mean
> anything in practice... but it works on Linux.

You can't depend on this - what if another user's process snapshots ii's
argv array before ii overwrites it?

Rob
Received on Fri Jun 15 2012 - 13:53:07 CEST

This archive was generated by hypermail 2.3.0 : Fri Jun 15 2012 - 14:00:11 CEST