On Wed, Apr 04, 2012 at 01:39:07PM +0300, Timo Juhani Lindfors wrote: > I think rpg is very insecure since all local users of the system can see > the passwords that you generate. All they need to do is to look for the > "grep" commands that appear in the process list.
First of all in most cases it is using on workstation where are no other live users then You (or hacker breached into Your system) . Second, it is used sporadically and rarely. To catch those passwords You need continuously watching and analyze process list for a long time. It is less likely for such scenario to be used. Some chance for using this hole is on the servers where passwords are generated automatically and very often. Nevertheless, to keep on strict security basics, I agree - it should be fixed in some way. -- *************************** ## Vladimir Stavrinov ## vstavri...@gmail.com *************************** -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
