Re: ps information leak in FreeBSD

[Damien Miller <djm () mindrot org>]

Crist J. Clark wrote:
> Any program that asks for a password on the command line should have
> the common decency to overwrite/obfuscate it, along the lines of,
>
>         case 'p':
>                 passwd = optarg;
>                 optarg = "********";
>                 break;
>
> So that it doesn't show up in any "ps" output.

That works only for OSs which support argv clobbering - it is by no 
means portable and shouldn't be depended on for security.

-d