[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [msmtp-users] Password parameters patch
On Mon, 2 Jul 2012 16:48:19 -0400, grarpamp wrote:
> Isn't it possible for the program to rewrite its
> own argv0 and/or parameters that would show
> up in ps/proc/etc when accessed by other uid's?
> But that may be subject to determination by race.
Yes, this is possible to some extent, but I'm not sure if we can really
remove all traces of the original command line from the system
records, and as you said there will be a race condition.
There was a --password option originally but it was removed in
version 0.5 (ca. 2003) for these reasons.
> So also, examine the -h and -H options used in pw here:
> http://svnweb.freebsd.org/base/releng/9.0/usr.sbin/pw/
As far as I can see, you can do the same with the --passwordeval
option. -H/-h directly get the file descriptor of the pipe whereas
--passwordeval creates a pipe to read the output of the given command.
Martin