On Thu, Oct 1, 2009 at 5:44 PM, Michael S. Zick <open...@morethan.org> wrote: > Misplaced security barrier - > The user should be sufficiently security qualified to see what they type. > Everbody in the same room should be sufficiently security qualified > to see anything typed within that room. > The room should be sufficiently security qualified to exclude others. > > In some installations, the red lights on the walls and ceilings flash > and the screens are all blanked if someone with less than a certain > minimum security qualification level is allowed entry. > And if that unqualified person unblanks a screen and types ps -f : simple, > shoot them. > (I was one of the guys that carried the gun in the room for years.) > > Other than those operational procedures, you should at least write > your own application that does not disclose what you want hidden.
With "ps -f" someone else in *another* room can see the command line arguments of programs that I run. You wouldn't "chmod a+r" your key files now would you? Having key contents appears as a command line argument does effectively that for the duration of the command execution. Michael D. Adams ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
