> Yes, this is possible to some extent, but I'm not sure if we can really > remove all traces of the original command line from the system > records
Records (accounting, logs or otherwise) wouldn't be of much concern, as those are usually restricted to uid 0 or the user themselves, both presumably trusted and intact. If not, all bets are off. > and as you said there will be a race condition. I don't know anything about arg rewriting, but it seemed racy. Guess not much left but --passwordeval="cat passfile". Or an ssh/gpg agent-alike infrastructure for those who don't want the password stored on disk. It could be something like passwordeval socat to domain socket daemon run by the user. Even this might work and be safe from other uid's too... export myenvpassX=$(<<EOF 12345 EOF) msmtp --passwordeval="echo $myenvpassX" where X is an index if you have more than one account or calling program to deal with. Maybe a shared/ipc memory segment with shm tools. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ msmtp-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/msmtp-users
