Re: [dev] [ii] exposed password on process monitoring

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Kurt H Maier <khm-suckless_AT_intma.in>
Date: Sat, 16 Jun 2012 11:32:12 -0400

On Sat, Jun 16, 2012 at 05:27:00PM +0200, markus schnalke wrote:
> [2012-06-16 17:00] Nico Golde <nico_AT_ngolde.de>
> >
> > Thanks for reminding me. ii tip contains a change now so that -k specifies
> > an environment variable containing the password and not the password
> > directly.
>
> AFAIR the environment can be displayed, too. I think it was `ps e'.
> Hence the fix is no fix.

A process environment is not necessarily public. Most systems nowadays
do not expose process environments by default.
Received on Sat Jun 16 2012 - 17:32:12 CEST

This archive was generated by hypermail 2.3.0 : Sat Jun 16 2012 - 17:36:07 CEST