Re: sending password in the command line
This will not work I believe ps aux will show the environment variable's
value instead of the variable. Which in your case would be the password,
rendering your idea bad! =/
I would chroot the users' environments (jail them) so that they can only see
their own processes... of course this might not be the solution you are
looking for.
-xbud
On Thursday 27 December 2001 09:27 am, Pedro Zorzenon Neto wrote:
> Hi Friends,
>
> I am developing a software to provide access control to users of a
> network.
> The gateway has ipchains rules to DENY packets from all 192.168.0.0/16
> hosts to the 0.0.0.0/0 world.
>
> If the user (a regular user, not root) does:
>
> $ myprogram enable username password IP
>
> the program checks the password in a internal database, and enable
> packets from the given IP to the 0/0 world. It also logs user/ip/date.
>
> if the user does:
>
> $ myprogram disable username password IP
>
> it disables the ipchains rules that were enabled before.
>
> The program seems to be working well.
>
> Now, here is my question:
>
> - everybody can capture the passwords with a "ps aux" command, ok?
>
> - what about doing this to prevent simple ps aux "sniff"
>
> $ PASS="password" myprogram enable username IP
>
> then "myprogram" will read the PASS from the environment.
> is there anyway a regular user could capture passwords?
>
>
> Thanks in advance,
>
> Pedro
Reply to: