[Wellington-pm] perl-suid deprecated, in favour of what?
Grant McLean
grant at mclean.net.nz
Tue May 23 15:57:56 PDT 2006
On Wed, 2006-05-24 at 10:34 +1200, Srdjan wrote:
> Grant McLean wrote:
> > Passing things via the environment is
> > non-obvious enough without also having to rely on some obscure entry in
> > the sudoers file.
>
> But what if you have sensitive data you don't want to be seen on the command
> line, like passwords?
Yes, passing a password between processes via command line argument
would be insecure, since the command line arguments are visible via
'ps'.
On the other hand, passing a password between processes via the
environment would also be insecure, since a process' environment is also
visible via 'ps'.
Sending it into the STDIN of the child process via a pipe would be one
more secure approach.
Cheers
Grant
More information about the Wellington-pm
mailing list