Bugtraq mailing list archives
Re: ps information leak in FreeBSD
From: "David M. Wilson" <dw () botanicus net>
Date: Thu, 9 Jan 2003 21:23:40 +0000
On Thu, Jan 09, 2003 at 02:48:30PM +1100, Damien Miller wrote:
Crist J. Clark wrote:
Any program that asks for a password on the command line should have the common decency to overwrite/obfuscate it, along the lines of,
case 'p': passwd = optarg; optarg = "********"; break;
This code is incorrect, it destroys a temporary pointer that will be
overwritten with the next call to getopt(). For the sake of
completeness, it should be noted that to actually destroy the command
line argument data, one should do something along the lines of:
case 'p':
passwd = strdup(optarg); /* now requires free()ing. */
{
int len = strlen(optarg), i;
for (i = 0; i != len; ++i)
optarg[i] = 0;
}
That works only for OSs which support argv clobbering - it is by no means portable and shouldn't be depended on for security.
This is still correct though. :). Any passwords passed on the command line are available through a race anyway. Just don't do it(tm). David.
Current thread:
- ps information leak in FreeBSD Cache (Jan 06)
- Re: ps information leak in FreeBSD Sean Kelly (Jan 06)
- Re: ps information leak in FreeBSD Jez Hancock (Jan 21)
- Re: ps information leak in FreeBSD Sean Kelly (Jan 08)
- Re: ps information leak in FreeBSD Crist J. Clark (Jan 21)
- Re: ps information leak in FreeBSD Damien Miller (Jan 09)
- Re: ps information leak in FreeBSD David M. Wilson (Jan 15)
- <Possible follow-ups>
- ps information leak in FreeBSD Cache (Jan 06)