In <200003071319.e27DJui17540@pincoya.inf.utfsm.cl> Horst von Brand (vonbrand@pincoya.inf.utfsm.cl) wrote:
HB> "Khimenko Victor" <khim@sch57.msk.ru> said:
HB> [...]
>> No, we can not. argv[0] passed by execve system call can be different then
>> argv[0] as it's seen by user program. In case of ELF and "gcc" language they
>> are the same. But there are other languages exists, you know. Yes, you can
>> cut tonsils over asshole if you have enough skills. But why not provide more
>> natural way to do this if it's not hard ??
HB> Agree. But _only_ if there is a real-world need, and it isn't terrible to
HB> do. AFAIU, the relevant standards give _no_ way to change this, so there is
HB> no overly pressing need either.
Yes, it's not stated in standards. Just like all ps-related stuff AFAIK.
Is it usefull ? Yes: programs doing this now with horrible hacks. Is it
possible to do in more clear way ? See patch and decide if it's clear enough.
HB> [...]
>> What I really WAHT is ability to remove some arguments from my command line.
>> Why ? Think about `mysql -P password` or other such things. Yes, you can just
>> replace password with 'x' or '*' but sometimes more convenient way is to just
>> remove password from argv array completely.
HB> Security-through-hoping-my-machine-is-fast-enough-so-no-one-caches-it? ;-)
Two answers:
1. Yes, it'll make chance to lost password MUCH lower.
2. With proposed patch you can implement "hideparam" command and then use
mysql from "hideparam screen" and it'll give you real security even if command
line will be used to set password. Users are demanding this constantly and I'm
not know why we should refuse such demands if it can be implemented real cheap.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Mar 07 2000 - 21:00:22 EST