ADSM-L

Re: Password visibility in the client command line

1997-01-21 03:44:25
Subject: Re: Password visibility in the client command line
From: John O'Neall <jon AT IN2P3 DOT FR>
Date: Tue, 21 Jan 1997 09:44:25 +0100
I know of at least one application (not ADSM) which can read the password on
standard input, so you can do

cat file_containing_password | command

and ps -edf doesn't show the password.  'Course you want to have a
super-protected local file to store the password, but we don't think
that's a problem, since we don't allow ordinary users to log on to the
ADSM server machine anyway.

Hope this can give IBM an idea.  John

--------------------------------------------------------------
John O'Neall                     e-mail:  jon AT in2p3 DOT fr
Centre de Calcul de l'IN2P3      phone:   +33 (0)4 78 93 08 80
Villeurbanne, France             fax:     +33 (0)4 78 94 30 54

On Mon, 20 Jan 1997, James Purdon wrote:

> Hi,
>   The security risk of ADSM password exposure by ps is as follows:
>
>         Knowing the password of a node allows you to spoof the node,
>         and extract any file you want.
>
>         Say I have an account on host AIXbox, which has files that I cannot
>         access but is backed up by dsmc -password=whatever.  I can use the
>         NODENAME AIXbox option to rename a host which I do control and use
>         the password to complete the spoof!  I then get access to all the
>         files on AIXbox.
>
> We use the "Passwordaccess generate" option to avoid this problem  (which
> causes other problems that we have decided to live with).  It would be
> nice if there was a dsmc internal command to specify the password (not
> "set password", which changes it).
>
>
> Jim
>
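An added illustration of the point John makes (this is example code written for this archive page, not ADSM's or the poster's): a secret passed as a command-line argument is visible to anyone who can list processes, while one read from standard input is not. It assumes a Linux-style `/proc/<pid>/cmdline` (falling back to `ps -o args=`), uses a constructed dummy secret, and includes the permission check one would want on the "super-protected local file" before piping it into a command.

```python
import os
import stat
import subprocess
import sys

# Constructed dummy secret for the demonstration; never a real credential.
SECRET = "dummy-s3cr3t-example"

def cmdline_of(pid):
    """Return a process's argv as the OS exposes it, i.e. what `ps -edf` shows."""
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as f:
            return f.read().replace(b"\0", b" ").decode(errors="replace")
    except FileNotFoundError:
        # Non-Linux fallback (assumes a BSD/SysV `ps` is available).
        return subprocess.check_output(["ps", "-o", "args=", "-p", str(pid)], text=True)

def secret_visible_in_ps(via_stdin):
    """Start a child that receives SECRET either on stdin or in argv and
    report whether the secret shows up in the child's process listing."""
    if via_stdin:
        # Equivalent of: cat file_containing_password | command
        child = subprocess.Popen(
            [sys.executable, "-c", "import sys,time; pw=sys.stdin.readline(); time.sleep(5)"],
            stdin=subprocess.PIPE)
        child.stdin.write(SECRET.encode() + b"\n")
        child.stdin.flush()
    else:
        # Equivalent of: dsmc -password=whatever
        child = subprocess.Popen(
            [sys.executable, "-c", "import sys,time; pw=sys.argv[1]; time.sleep(5)",
             f"-password={SECRET}"])
    try:
        return SECRET in cmdline_of(child.pid)
    finally:
        child.kill()
        child.wait()

def password_file_is_protected(path):
    """True only if the file is a regular file readable by its owner alone
    (no group/other bits), the minimum for a file that feeds a secret on stdin."""
    st = os.stat(path)
    world_or_group = st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)
    return stat.S_ISREG(st.st_mode) and world_or_group == 0
```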