Bugtraq mailing list archives
Re: ps information leak in FreeBSD
From: Damien Miller <djm () mindrot org>
Date: Thu, 09 Jan 2003 14:48:30 +1100
Crist J. Clark wrote:
Any program that asks for a password on the command line should have the common decency to overwrite/obfuscate it, along the lines of, case 'p': passwd = optarg; optarg = "********"; break; So that it doesn't show up in any "ps" output.
That works only for OSs which support argv clobbering - it is by no means portable and shouldn't be depended on for security.
-d
Current thread:
- ps information leak in FreeBSD Cache (Jan 06)
- Re: ps information leak in FreeBSD Sean Kelly (Jan 06)
- Re: ps information leak in FreeBSD Jez Hancock (Jan 21)
- Re: ps information leak in FreeBSD Sean Kelly (Jan 08)
- Re: ps information leak in FreeBSD Crist J. Clark (Jan 21)
- Re: ps information leak in FreeBSD Damien Miller (Jan 09)
- Re: ps information leak in FreeBSD David M. Wilson (Jan 15)
- <Possible follow-ups>
- ps information leak in FreeBSD Cache (Jan 06)