Date:      Tue, 23 May 2000 03:56:32 -0700
From:      Jan Koum <jkb@ethereal.net>
To:        Brian Somers <brian@Awfulhak.org>
Cc:        Hajimu UMEMOTO <ume@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, brian@hak.lan.Awfulhak.org
Subject:   Re: cvs commit: src/lib/libfetch ftp.c
Message-ID:  <20000523035632.D47375@ethereal.net>
In-Reply-To: <200005230806.JAA00873@hak.lan.Awfulhak.org>; from brian@Awfulhak.org on Tue, May 23, 2000 at 09:06:08AM +0100
References:  <jkb@ethereal.net> <200005230806.JAA00873@hak.lan.Awfulhak.org>


yep, i meant 'ps -auxwe' ;)

peter pointed out that ps in 4.x is fixed to not show the environment,
but what about clueless users putting FTP_PASSWORD into .cshrc world
readable files? (yeah, yeah, i know about the evil .netrc file too :)

also, if another OS borrows this code from us without an audit and
with ps which does show -e, they will be in trouble.

so i guess this is their problem. like i said: this is not a big deal or
even an issue.


On Tue, May 23, 2000 at 09:06:08AM +0100, Brian Somers <brian@Awfulhak.org> wrote:
> Do you mean ps -e ?  That hole was plugged (in -current anyway) a few 
> months ago by phk so that only root or the same user can see the 
> environment of a given process.
> 
> > btw, putting passwords and passphrases into an environment variable has
> > always been bad, since anyone can read it with 'ps -auxww'
> > 
> > not a big deal i guess as long as you know what you are doing...
> > 
> > On Mon, May 22, 2000 at 06:01:14AM -0700, Hajimu UMEMOTO <ume@FreeBSD.ORG> wrote:
> > > ume         2000/05/22 06:01:14 PDT
> > > 
> > >   Modified files:
> > >     lib/libfetch         ftp.c 
> > >   Log:
> > >   Use $FTP_PASSWORD for FTP password.  If $FTP_PASSWORD is not
> > >   found, `yourname@yourhost' is used.
> > >   
> > >   Revision  Changes    Path
> > >   1.22      +12 -2     src/lib/libfetch/ftp.c
> 
> -- 
> Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
>       <http://www.Awfulhak.org>                    <brian@[uk.]OpenBSD.org>
> Don't _EVER_ lose your sense of humour !
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe cvs-all" in the body of the message
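
The world-readable rc file concern raised in this message can be checked per home directory. The following is an added example, not part of the thread or of libfetch: it flags rc files that hold an FTP password and are readable by group or other. The file names beyond .cshrc and .netrc, the regexes, and the sample data are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# csh "setenv FTP_PASSWORD x", sh "[export ]FTP_PASSWORD=x"; .netrc "password x".
ENV_RE = re.compile(r"^\s*(?:setenv\s+FTP_PASSWORD\s+\S|(?:export\s+)?FTP_PASSWORD=\S)", re.M)
NETRC_RE = re.compile(r"\bpassword\s+\S")
# Assumed file list; .cshrc and .netrc are the two named in the thread.
PATTERNS = {".cshrc": ENV_RE, ".login": ENV_RE, ".profile": ENV_RE, ".netrc": NETRC_RE}


def audit_home(home):
    """Return [(path, octal_mode)] for password-bearing rc files readable by group/other."""
    findings = []
    for name, pattern in PATTERNS.items():
        path = os.path.join(home, name)
        try:
            st = os.lstat(path)  # lstat: do not follow symlinks out of the home
            if not stat.S_ISREG(st.st_mode):
                continue
            with open(path, "r", errors="replace") as fh:
                text = fh.read()
        except OSError:
            continue  # missing or unreadable file: nothing to report
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH) and pattern.search(text):
            findings.append((path, oct(mode)))
    return findings


def demo():
    """Constructed sample homes: exposed .cshrc, private .cshrc, group-readable .netrc."""
    root = tempfile.mkdtemp()
    samples = {
        ("alice", ".cshrc"): ("setenv FTP_PASSWORD example-secret\n", 0o644),
        ("bob", ".cshrc"): ("setenv FTP_PASSWORD example-secret\n", 0o600),
        ("carol", ".netrc"): ("machine ftp.example.org login carol password example-secret\n", 0o640),
    }
    for (user, name), (body, mode) in samples.items():
        os.makedirs(os.path.join(root, user), exist_ok=True)
        path = os.path.join(root, user, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return {u: [(os.path.basename(p), m) for p, m in audit_home(os.path.join(root, u))]
            for u in ("alice", "bob", "carol")}
```

Only the files with mode 0644 and 0640 are reported; the 0600 copy with the same content is not.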

