Subject: Re: permissions & rc.conf
To: Jan Danielsson <jan.danielsson@gmail.com>
From: matthew sporleder <msporleder@gmail.com>
List: netbsd-users
Date: 08/24/2005 09:53:12
Using a password as a command-line option will expose that password
unless you further secure 'ps(1)', 'top(1)', probably parts of swap,
and other commands that can view the process tree.  (there are some
threads about doing this, but I'm not sure whatever happened with
them.)

You would be better storing the username and password in a
secured/encrypted/whatevered file and then have the logic in the login
script to read it out.  It's a pretty classic problem of wanting to
store passwords securely for automated logins and having no good place
to do it.  (see web programming with a database, automated
administration with ssh, and a hundred other similar problems.)

_Matt

On 8/23/05, Jan Danielsson <jan.danielsson@gmail.com> wrote:
> Steven M. Bellovin wrote:
> >>  On a more security related note: Why is it that most files in /etc
> >>are readable by everyone by default? Files like rc.conf are only of
> >>interest to init/root, right? If so, why aren't they more restricted by
> >>default?
> >
> > Why shouldn't they be readable by default?  What is the threat you're
> > trying to defend against?
>
>    I guess you could say I like the "least access" philosophy. If you
> have no reason to meddle in X, then there's no reason for you to even
> have access to X. It's like protected and private members in C++. If the
> application shouldn't meddle with them, why even allow it to call them?
> This is also the basis for all sane security thinking, imho: Allow only
> what is essential, and prohibit the rest.
>
> > Make something read-protected if there's a problem, either because the
> > data is inherently secret (i.e., keying material) or because you're
> > trying to conceal something about local security policy that isn't
> > readily discernible by other means.  Very little, if anything, in
> > rc.conf fits that description.
>
>    My university network requires a login/logout via https. To get
> around this annoyance, I have written a login script which handles
> everything automatically during boot and shutdown. I have created a
> /etc/rc.d/unilogin which handles the login/logout. In rc.conf I have:
>
> unilogin=YES
> unilogin_flags="--user=<userid> --pass=<pass>"
>
> Notice the "--pass=" parameter; that's what I want to hide.
>
>
>    In fact, if /etc/rc.conf is readable by everyone, it's like saying:
> Don't put important login information here. But what if I *need* to
> place important login information there? IMHO, there should be some
> clear way to do this. I was given a tip which suits me just fine, but
> unless it breaks anything, I see no reason why more files in /etc
> shouldn't be made non-readable by 'everyone'. It's basic security
> thinking, imho.
>
>    As I have stated earlier, I'm a NetBSD newbie, so I apologize if I'm
> suggesting something that would break normal operations.
>
> --
> Kind Regards,
> Jan Danielsson
> Te audire no possum. Musa sapientum fixa est in aure.
>
>
>
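Matt's suggestion above, as an added example that is not part of this thread: an sh script in the style of an rc.d script that reads the university login credentials from a root-only file instead of passing them through unilogin_flags, so the password never appears in argv where ps(1) and top(1) can see it. The path /etc/unilogin.conf, its key=value layout, the variable names and the `unilogin-client --pass-stdin` tool are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): keep the university login
# credentials out of rc.conf and off the command line.
# Assumed layout of /etc/unilogin.conf (root-owned, mode 0600):
#   user=<userid>
#   pass=<pass>
# The login tool "unilogin-client" is hypothetical; only the
# credential handling is the point here.

CRED_FILE="${CRED_FILE:-/etc/unilogin.conf}"

# Refuse a credential file that anyone besides its owner could read:
# the ls(1) mode string must have no group/other bits at all, and the
# owner must be the user running this script (root under rc.d).
cred_file_ok() {
    f="$1"
    [ -f "$f" ] || return 1
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || return 1
    [ -n "$(find "$f" -prune -user "$(id -un)" -print)" ] || return 1
    return 0
}

# Parse key=value lines into UNILOGIN_USER / UNILOGIN_PASS.
# The values live in shell variables, never in argv, so the process
# tree shows nothing. The "|| [ -n "$key" ]" keeps a final line that
# lacks a trailing newline.
load_credentials() {
    f="$1"
    cred_file_ok "$f" || return 1
    UNILOGIN_USER=""; UNILOGIN_PASS=""
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            user) UNILOGIN_USER=$value ;;
            pass) UNILOGIN_PASS=$value ;;
        esac
    done < "$f"
    [ -n "$UNILOGIN_USER" ] && [ -n "$UNILOGIN_PASS" ]
}

# Hand the secret to the login tool on stdin, never as --pass=... .
unilogin_start() {
    load_credentials "$CRED_FILE" || { echo "unilogin: bad credential file" >&2; return 1; }
    printf '%s\n' "$UNILOGIN_PASS" | unilogin-client --user "$UNILOGIN_USER" --pass-stdin
}

case "${1:-}" in
    start) unilogin_start ;;
esac
```

Run it as `sh unilogin start` from the rc.d script; a world-readable credential file is rejected before any login is attempted.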