drh> Most utilities? I thought all the ones where it was useful were
drh> covered. Have I missed one?
I don't think enc has it... At least I couldn't find it when I looked
20 minutes ago...
drh> Is there any circumstances where the environment isn't safe? I believe
drh> extra privs are normally needed to read another users processes
drh> environment.
Not really, except under certain circumstances (some or most shells
combined with rather special characters in the password), using
environment variables is klunky, to say the best... Also, if you want
to be paranoid, environment space does not go away for the duration of
the process' life, so if there's a way to read process memory, there's
a higher likelyhood that you can find a password through the
environment that process carries around (after all, the environment is
not hard to find, at all, just look for "USER=" or something like
that, and you'll probably find the rest of it around that point). In
such cases, it is a lot safer to read in a password in a string in a
hopefully less easy to find place in process memory and immediately
zero that piece of memory after the password has been used.
I would trust passwords passed over stdin before anything passed in
the command line or environment, any time. Not that stdin is perfect
either, mind you, but still...
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-161 43 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
