BugTraq
ps information leak in FreeBSD Jan 05 2003 08:46PM
Cache (cache sowatech com pl) (2 replies)
Re: ps information leak in FreeBSD Jan 07 2003 09:18AM
Jez Hancock (jez hancock munk nu) (2 replies)
Re: ps information leak in FreeBSD Jan 08 2003 04:39PM
Sean Kelly (smkelly zombie org)
Re: ps information leak in FreeBSD Jan 07 2003 05:48PM
Crist J. Clark (crist clark attbi com) (1 replies)
Re: ps information leak in FreeBSD Jan 09 2003 03:48AM
Damien Miller (djm mindrot org) (1 replies)
Crist J. Clark wrote:
> Any program that asks for a password on the command line should have
> the common decency to overwrite/obfuscate it, along the lines of,
>
> case 'p':
> passwd = optarg;
> optarg = "********";
> break;
>
> So that it doesn't show up in any "ps" output.

That works only for OSs which support argv clobbering - it is by no
means portable and shouldn't be depended on for security.

-d

[ reply ]
Re: ps information leak in FreeBSD Jan 09 2003 09:23PM
David M. Wilson (dw botanicus net)
Re: ps information leak in FreeBSD Jan 06 2003 09:19PM
Sean Kelly (smkelly zombie org)


 

Privacy Statement
Copyright 2010, SecurityFocus