Re: ps information leak in FreeBSD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Crist J. Clark wrote:

Any program that asks for a password on the command line should have
the common decency to overwrite/obfuscate it, along the lines of,

	case 'p':
		passwd = optarg;
		optarg = "********";
		break;

So that it doesn't show up in any "ps" output.
That works only for OSs which support argv clobbering - it is by no means portable and shouldn't be depended on for security.

-d


[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux