Hi Friends,
I am developing a software to provide access control to users of a
network.
The gateway has ipchains rules to DENY packets from all 192.168.0.0/16
hosts to the 0.0.0.0/0 world.
If the user (a regular user, not root) does:
$ myprogram enable username password IP
the program checks the password in a internal database, and enable
packets from the given IP to the 0/0 world. It also logs user/ip/date.
if the user does:
$ myprogram disable username password IP
it disables the ipchains rules that were enabled before.
The program seems to be working well.
Now, here is my question:
- everybody can capture the passwords with a "ps aux" command, ok?
- what about doing this to prevent simple ps aux "sniff"
$ PASS="password" myprogram enable username IP
then "myprogram" will read the PASS from the environment.
is there anyway a regular user could capture passwords?
Thanks in advance,
Pedro
