On 2020/01/14 10:27, Theo de Raadt wrote:
> Unfortunate part of this diff is that the password is (very
> momentarily) visible with ps(1) in the root-run ifconfig argv[] array.
> It's a tight race, but still it is visible.
>
> People do run "sh /etc/netstart umb0" to activate the interface
> during multiuser.
>
> If the password is truly sensitive, it should be placed in a file,
> and the ifconfig's extension should be changed to read the file.

That's not unique to umb though, it's been a problem forever with carp, pppoe and especially wlan interfaces. Another fix would be to accept ifconfig options on stdin, which is more convenient for quick runtime changes than two steps of writing to a file then pointing ifconfig at it, and changing netstart to use it would improve things for existing users without them needing to touch any config files.
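
Both proposals in this thread (a secret file, or options on stdin) keep the password out of argv[], so ps(1) never sees it. The sketch below is an added example, not code from this thread or from OpenBSD's ifconfig; the helper names read_secret() and read_secret_file() and the one-secret-per-line format are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Portable stand-in for explicit_bzero(3): the volatile pointer stops the
 * compiler from dropping the wipe as a dead store. */
static void wipe(void *p, size_t len)
{
    volatile unsigned char *v = p;
    while (len--)
        *v++ = 0;
}

/* Hypothetical helper: read one line (the secret) from `in` into buf.
 * Returns 0 on success; -1 on EOF, an empty line, or a line that does not
 * fit (rejected and wiped rather than silently truncated). */
int read_secret(FILE *in, char *buf, size_t len)
{
    int c;
    size_t n;

    if (len < 2 || fgets(buf, (int)len, in) == NULL)
        return -1;
    n = strcspn(buf, "\n");
    if (buf[n] != '\n' && (c = getc(in)) != EOF && c != '\n') {
        while ((c = getc(in)) != EOF && c != '\n')
            ;                       /* drain the rest of the long line */
        wipe(buf, len);
        return -1;
    }
    buf[n] = '\0';
    return n > 0 ? 0 : -1;
}

/* File variant: refuse a secret file that group or other can access. */
int read_secret_file(const char *path, char *buf, size_t len)
{
    struct stat sb;
    int rc = -1;
    FILE *f = fopen(path, "r");

    if (f == NULL)
        return -1;
    if (fstat(fileno(f), &sb) == 0 && S_ISREG(sb.st_mode) &&
        (sb.st_mode & (S_IRWXG | S_IRWXO)) == 0)
        rc = read_secret(f, buf, len);
    fclose(f);
    return rc;
}
```

A caller would pass stdin to read_secret() and wipe the buffer once the value has been handed to the kernel; stdio's own buffer may still hold a copy until the stream is closed.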