On Thu, Dec 27, 2001 at 04:46:45PM +0100, David Flatz wrote:
> Pedro Zorzenon Neto said:
> > $ PASS="password" myprogram enable username IP
> >
> > then "myprogram" will read the PASS from the environment.
> > is there anyway a regular user could capture passwords?
>
> yes it is "ps auxe"
>
> try getting the password via <stdin> like "mysql -p"
>
Thanks for you sugestion David,
As it is a Perl script that will call the program, I'll do in the Perl
code something like this:
$tmp=`umask 177; tempfile`;
fopen (PASS,">$tmp");
print PASS $password;
fclose PASS;
`cat $tmp | myprogram enable $user $ip; rm -f $tmp`;
will this be safe now?
Thanks,
Pedro
