Subject: Re: Cautionary Tale: New Install/root Password/Keyboard Layout
To: None <david@l8s.co.uk>
From: Felix Zaslavskiy <felix@students.poly.edu>
List: netbsd-users
Date: 07/04/2003 17:42:57
>> You never pass sensitive data as an argument to a command nor do you put it into an environment
>> variable. Use the `here-document`
>> feature of your shell.
>
> Mmmm ps -eww
>
> With many shells 'here documents' get written to temporary files
> so could easily be exposed to other users.
> This is made worse by buggy shells that fail to delete them [1].
>
> David
>
> [1] mainly because it is just too hard to get right if you start
> playing with shell functions and sub-shells.
>
I apologize if I may have misled anyone.
I don't do sys admin for a living and I use NetBSD on my personal laptop, and I also have a test
machine that I use for learning purposes and I do very insecure things with it. I always do things
as root (I even ssh in as root user lol) and generally bypass security in order to muck around with
the source code and things such as this. So my example was just something I was trying to
demonstrate about the getpass function, because it tries to open /dev/tty and it won't accept things
from standard input anyway. The way to trick getpass into reading from standard input is to take
read/write permission of /dev/tty. That was the point of my previous post; I guess nobody picked up
on that.
> --
> David Laight: david@l8s.co.uk
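
The getpass behaviour discussed in this message (open /dev/tty first, read standard input only when that fails), as an added C example that is not part of the original post and is not NetBSD's code. `read_secret`, `tty_path` and `fallback_fd` are names assumed here so the fallback path can be exercised.

```c
#include <fcntl.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Read one line from fd, dropping the newline. Returns length, or -1 on error/EOF. */
static ssize_t read_line(int fd, char *buf, size_t cap)
{
    size_t n = 0;
    ssize_t r;
    char c;
    while ((r = read(fd, &c, 1)) == 1 && c != '\n')
        if (n + 1 < cap)
            buf[n++] = c;                     /* over-long input is truncated */
    if (r < 0 || (r == 0 && n == 0)) return -1;
    buf[n] = '\0';
    return (ssize_t)n;
}

/* tty_path and fallback_fd are hypothetical parameters; getpass uses /dev/tty and stdin. */
ssize_t read_secret(const char *tty_path, int fallback_fd,
                    const char *prompt, char *buf, size_t cap)
{
    struct termios saved, quiet;
    int fd, in, out, echo_off = 0;
    ssize_t n;
    if (cap == 0) return -1;
    fd = open(tty_path, O_RDWR | O_NOCTTY);
    in = fd >= 0 ? fd : fallback_fd;          /* terminal first, else the fallback */
    out = fd >= 0 ? fd : STDERR_FILENO;       /* prompt never goes to stdout */
    if (tcgetattr(in, &saved) == 0) {         /* succeeds only on a terminal */
        quiet = saved;
        quiet.c_lflag &= ~(tcflag_t)ECHO;
        echo_off = tcsetattr(in, TCSAFLUSH, &quiet) == 0;
    }
    if (write(out, prompt, strlen(prompt)) < 0) { /* prompt is best effort */ }
    n = read_line(in, buf, cap);
    if (echo_off) {
        tcsetattr(in, TCSAFLUSH, &saved);     /* restore echo before returning */
        if (write(out, "\n", 1) < 0) { /* ignore */ }
    }
    if (fd >= 0) close(fd);
    return n;
}

int main(void)
{
    char pw[128];
    return read_secret("/dev/tty", STDIN_FILENO, "Password: ", pw, sizeof pw) < 0;
}
```

The secret only ever travels over a file descriptor, so it does not appear in the argument list that `ps -eww` prints. Signal handling while echo is off is left out of this sketch.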