Re: hiding passwd in cmdlines that appear in the process list

On Mon, December 4, 2006 6:55 am, Jochem Maas wrote:
> but given that the ENV var is only available to the shell php is
> currently running in (and any subshells) so
> the script is only vulnerable to mistakes/attacks from 'inside' the
> script - basically I'm assuming that
> whatever is stored in the ENV of a shell is not accessible/visible to
> other users on the given system.
>
> is that assumption correct?

I think it's wiser to phrase it as "not supposed to be accessible" or
"not accessible via normal means".

If somebody works hard enough at it, with some kind of RAM snooper and
a hacked kernel and whatnot, they *could* get to it... :-v

It's important to phrase these things with that tinge of gray, just to
remind ourselves that there's always some kind of hack to beat any
system.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
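
The following is an added example, not part of the original thread: on Linux, it starts a child process with a secret in its environment and reports the permission bits procfs puts on that process's argv and environment files, plus where the secret actually shows up. It assumes Linux procfs and a `stat` that supports `-c`; `DEMO_SECRET`, `proc_mode` and `check_exposure` are names constructed for the example.

```shell
#!/bin/sh
# Added example (Linux procfs). DEMO_SECRET and its value are constructed.

# Permission bits of /proc/<pid>/<file>, e.g. 444 (world-readable) or 400 (owner only).
proc_mode() {
    stat -c '%a' "/proc/$1/$2"
}

# Launch a child with the secret in its environment, then report what /proc exposes.
check_exposure() {
    secret='constructed-demo-secret'
    # The child receives the secret through its environment, not its argv.
    DEMO_SECRET="$secret" sleep 30 >/dev/null 2>&1 &
    pid=$!
    # Wait until the forked child has exec'd sleep, so /proc shows its final state.
    for _try in 1 2 3 4 5 6 7 8 9 10; do
        tr '\0' ' ' < "/proc/$pid/cmdline" | grep -q '^sleep ' && break
        sleep 0.1
    done
    in_cmdline=no
    in_environ=no
    # argv is what tools like ps display to every user.
    if tr '\0' ' ' < "/proc/$pid/cmdline" | grep -q "$secret"; then
        in_cmdline=yes
    fi
    # We own the child, so we can read its environ file ourselves.
    if tr '\0' '\n' < "/proc/$pid/environ" | grep -qx "DEMO_SECRET=$secret"; then
        in_environ=yes
    fi
    echo "cmdline=$(proc_mode "$pid" cmdline) environ=$(proc_mode "$pid" environ)" \
         "secret_in_cmdline=$in_cmdline secret_in_environ=$in_environ"
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
}

check_exposure
```

The owner-only mode on `environ` still leaves the value readable by any process running as the same user and by root.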

