mylvmbackup-discuss team mailing list archive
-
mylvmbackup-discuss team
-
Mailing list archive
-
Message #00061
Re: Password from environment patch
On Wed, 08 Sep 2010 11:31:46 +0200, Lenz Grimmer <lenz@xxxxxxxxxxx> wrote:
>> So it's not really any more secure than passing the password on the
>> command line.
>
> Well, maybe a little bit - as only root or the owner of a process can
see
> the
> environment...
That was my idea behind it. I often see other programmes use an
environment variable instead of a command-line argument to pass sensitive
information like passwords, presumably because it is better hidden there.
If root or the process owner (here: root) can access it, that's no problem
because root should access it anyway. duplicity for example reads passwords
from an environment variable rather than an argument.
I haven't tried getting the command line of root processes from an
unprivileged user though.
I'll try the other env variable later, so maybe I don't need the patch
myself anymore.
--
Yves Goergen - mail & jabber im: yves@xxxxxxxxxxxxxxx
http://unclassified.de - Web-Labor, HD-Fotogalerie, Webhosting
References