[pca] hiding SOA data from "ps"

Martin Paul martin at par.univie.ac.at
Tue Dec 1 10:18:30 CET 2009


Hi,

There's one thing I never was happy with - pca is providing the Sun 
Online Account data (user and passwd) to wget via a "--header" option. 
Any user on the same machine can get the full command line of the wget 
process while it's running with "ps", revealing the base64 encoded (not 
encrypted!) SOA data.

Unfortunately wget doesn't have a simple way to feed options to it:

Environment variables would be nice, but wget doesn't support that. 
Using a "wgetrc" file is an option, but wget handles those suboptimally, 
too. Besides a system wide wgetrc it only supports ~/.wgetrc. If $WGETRC 
is set to a file name, it will be read *instead of* ~/.wgetrc. So I 
thought that modifying an existing wgetrc would be the only option, 
which I didn't like.

I've found an elegant workaround now - if $WGETRC or ~/.wgetrc exists, 
pca copies it to a temporary wgetrc file (mode 600) and appends the 
"header" options for the SOA data. Before running wget, $WGETRC is set 
to point at this temporary file, which is immediately removed after wget 
completes.

The change is already integrated in the current development release. 
This makes all handling of SOA data within pca/wget as secure as it can 
get, I guess.

Martin.
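
The workaround described in the message above, sketched in shell as an added example; it is not part of the original post and is not pca's own code. The function names and the header value passed in are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not pca's code): keep a secret HTTP header out of wget's
# argument list by passing it through a private, temporary wgetrc file.

# make_private_wgetrc HEADER_LINE
# Creates a mode-600 temp file holding the user's existing wget settings
# plus "header = HEADER_LINE", and prints the file's path.
make_private_wgetrc() {
    header_line=$1
    # wget reads $WGETRC *instead of* ~/.wgetrc, so the existing file's
    # content must be carried over or the user's settings would be lost.
    base=${WGETRC:-$HOME/.wgetrc}
    old_umask=$(umask)
    umask 077                       # never create the file wider than 0600
    tmp=$(mktemp "${TMPDIR:-/tmp}/wgetrc.XXXXXX") || {
        umask "$old_umask"
        return 1
    }
    umask "$old_umask"
    if [ -f "$base" ] && [ -r "$base" ]; then
        cat "$base" >> "$tmp"
        printf '\n' >> "$tmp"       # source file may lack a final newline
    fi
    # printf is a shell builtin here, so the secret is written without
    # ever appearing in another process's command line.
    printf 'header = %s\n' "$header_line" >> "$tmp"
    printf '%s\n' "$tmp"
}

# fetch_with_secret_header HEADER_LINE WGET_ARGS...
# Runs wget with $WGETRC pointing at the private file, then removes it.
# "ps" shows only the ordinary wget arguments; the environment holds a
# file path, not the credentials.
fetch_with_secret_header() {
    header_line=$1
    shift
    rc_file=$(make_private_wgetrc "$header_line") || return 1
    WGETRC=$rc_file wget "$@"
    status=$?
    rm -f "$rc_file"                # removed whether or not wget succeeded
    return "$status"
}
```

The original ~/.wgetrc (or the file named by $WGETRC) is only read, never modified.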
