This will not work I believe ps aux will show the environment variable's value instead of the variable. Which in your case would be the password, rendering your idea bad! =/
I would chroot the users' environments (jail them) so that they can only see their own processes... of course this might not be the solution you are looking for. -xbud On Thursday 27 December 2001 09:27 am, Pedro Zorzenon Neto wrote: > Hi Friends, > > I am developing a software to provide access control to users of a > network. > The gateway has ipchains rules to DENY packets from all 192.168.0.0/16 > hosts to the 0.0.0.0/0 world. > > If the user (a regular user, not root) does: > > $ myprogram enable username password IP > > the program checks the password in a internal database, and enable > packets from the given IP to the 0/0 world. It also logs user/ip/date. > > if the user does: > > $ myprogram disable username password IP > > it disables the ipchains rules that were enabled before. > > The program seems to be working well. > > Now, here is my question: > > - everybody can capture the passwords with a "ps aux" command, ok? > > - what about doing this to prevent simple ps aux "sniff" > > $ PASS="password" myprogram enable username IP > > then "myprogram" will read the PASS from the environment. > is there anyway a regular user could capture passwords? > > > Thanks in advance, > > Pedro -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
