[pca] hiding SOA data from "ps"
Dražen Kačar
dave at fly.srk.fer.hr
Tue Dec 1 15:23:59 CET 2009
Martin Paul wrote:
> Dražen Kačar wrote:
>>
>> You might have a race condition here. It can be worked around safely, but
>> it's a pain.
>
> You mean somebody modifying ~/.wgetrc between the copy to the tmp file
> and wget reading it on startup?
No, there's nothing to be gained there. I mean something like creating a
symlink at the location your temporary file will be created, which then
points to something you can write into, but another user can read. So
he can get the username and password you're trying to hide.
Or something like that, I was never very good at inventing cracking
scenarios.
The race can be exploited if you first try to delete the file and then
create it. Perhaps symlink isn't necessary. The usual protection from this
is to have the file created in the directory owned by the user who is
creating it (ie. don't create it in /tmp or /var/tmp). But that's a pain.
> I like that, and wget seems to accept /dev/stdin in WGETRC. It does away
> with the race condition *and* saves me from creating a temporary file,
> but ..
>
> > If that's simple enough in Perl.
>
> .. when reading about bidirectional IPC communication with perl it seems
> as if there's no simple, standard and non-ugly solution.
Thought that might be a problem. :-)
man IPC::Open2 looks promising, but I'm not a Perl programmer.
--
.-. .-. Yes, I am an agent of Satan, but my duties are largely
(_ \ / _) ceremonial.
|
| dave at fly.srk.fer.hr
More information about the pca
mailing list