On Wed, 22 Jan 1997, Tim Dobrowolsky wrote:
> I've had this same problem with other software. At some point the program
> runs something with secure information such as a password as parameters, and
> thus
> ps can reveal information you don't want out. So when I got adsm installed on
> my AIX box I checked the ps listing and saw that dsmc had -password= but no
> password visible. Therefore I assumed that the obvious security problem of
> passwords on the command line was taken care of.
In this thread I had written:
There is no way to prevent the password visibility, although on some
Unixes, there is only a short time window where it can be read, i.e.
there is a race condition between the OS concealing the password and an
intruder's script reading it. There is, however, no need ever to use this
highly unsafe option.
Whether the problem is taken care of depends more on your system than on
the application, in this case ADSM. How it is taken care of may be:
1) not at all because OS has no interface not to show password: password
visible
2) by the program which erases command line image: password invisible for
humans but visible for programs (race condition)
3) by the OS which has an interface that the command line is shown only
on request by the program and not the OS: password really invisible
The shell is here subsumed under OS; but be aware that the behaviour may
be dependent on the shell used.
Some Unixes fall into category 1), and some into category 3) if the
program has no read rights but only execution rights. I would guess that
AIX is in category 2), although I never got a definite answer.
Best regards,
Helmut Richter
==============================================================
Dr. Helmut Richter Leibniz-Rechenzentrum
Tel: +49-89-289-28785 Barer Str. 21
Fax: +49-89-2809460 D-80333 Muenchen
Email: Helmut.Richter AT lrz-muenchen DOT de Germany
==============================================================
|