Re: Web based password changer

To: debian-security@lists.debian.org
Subject: Re: Web based password changer
From: Phillip Hofmeister <plhofmei@zionlth.org>
Date: Fri, 23 Jan 2004 03:10:58 -0500
Message-id: <[🔎] 20040123081058.GA27228@zionlth.org>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20040123072458.GD808@umnh.utah.edu>
References: <[🔎] 24E36F57378E2A49B8D5EE98904F2E2E031AA8@osiris.olympus.dytech.com.au> <[🔎] 20040123072458.GD808@umnh.utah.edu>

On Fri, 23 Jan 2004 at 02:24:58AM -0500, Will Aoki wrote:
> Hopefully the script would not actually invoke echo - otherwise, like
> anything else passed on the command line, the password will show up in
> the process table for anyone or anything to see.

Yet another reason to use the GRSecurity patch.  It hides processes not
belonging to you (unless you are root).

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
--
Excuse #194: Too much radiation coming from the soil.

Attachment: pgptbtwaV6biZ.pgp
Description: PGP signature

Reply to:

References:
- RE: Web based password changer
  - From: "Michael Sharman" <michael.sharman@dytech.com.au>
- Re: Web based password changer
  - From: Will Aoki <waoki@umnh.utah.edu>

Prev by Date: Re: Web based password changer
Next by Date: Re: get error: /bin/sh: line1: myfilter: command in boot messages...
Previous by thread: Re: Web based password changer
Next by thread: Re: Web based password changer
Index(es):
- Date
- Thread