Date: Tue, 23 May 2000 03:56:32 -0700 From: Jan Koum <jkb@ethereal.net> To: Brian Somers <brian@Awfulhak.org> Cc: Hajimu UMEMOTO <ume@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, brian@hak.lan.Awfulhak.org Subject: Re: cvs commit: src/lib/libfetch ftp.c Message-ID: <20000523035632.D47375@ethereal.net> In-Reply-To: <200005230806.JAA00873@hak.lan.Awfulhak.org>; from brian@Awfulhak.org on Tue, May 23, 2000 at 09:06:08AM %2B0100 References: <jkb@ethereal.net> <200005230806.JAA00873@hak.lan.Awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
yep, i ment 'ps -auxwe' ;) peter pointed out that ps in 4.x is fixed not not show the environment, but what about clueless users putting FTP_PASSWORD into .cshrc world readable files? (yeah, yeah, i know about the evil .netrc file too :) also, if another OS borrows this code from us without an audit and with ps which does show -e, they will be in trouble. so i guess this is their problem. like i said: this is not a big deal or even an issue. On Tue, May 23, 2000 at 09:06:08AM +0100, Brian Somers <brian@Awfulhak.org> wrote: > Do you mean ps -e ? That hole was plugged (in -current anyway) a few > months ago by phk so that only root or the same user can see the > environment of a given process. > > > btw, putting passwords and passphrases into an environment variable has > > always been bad, since anyone can read it with 'ps -auxww' > > > > not a big deal i guess as long as you know what you are doing... > > > > On Mon, May 22, 2000 at 06:01:14AM -0700, Hajimu UMEMOTO <ume@FreeBSD.ORG> wrote: > > > ume 2000/05/22 06:01:14 PDT > > > > > > Modified files: > > > lib/libfetch ftp.c > > > Log: > > > Use $FTP_PASSWORD for FTP password. If $FTP_PASSWORD is not > > > found, `yourname@yourhost' is used. > > > > > > Revision Changes Path > > > 1.22 +12 -2 src/lib/libfetch/ftp.c > > -- > Brian <brian@Awfulhak.org> <brian@[uk.]FreeBSD.org> > <http://www.Awfulhak.org> <brian@[uk.]OpenBSD.org> > Don't _EVER_ lose your sense of humour ! > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe cvs-all" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000523035632.D47375>