← Back to team overview

mylvmbackup-discuss team mailing list archive

Re: Password from environment patch


On Wed, 08 Sep 2010 11:31:46 +0200, Lenz Grimmer <lenz@xxxxxxxxxxx> wrote:
>> So it's not really any more secure than passing the password on the
>> command line.
> Well, maybe a little bit - as only root or the owner of a process can
> the
> environment...

That was my idea behind it. I often see other programmes use an
environment variable instead of a command-line argument to pass sensitive
information like passwords, presumably because it is better hidden there.
If root or the process owner (here: root) can access it, that's no problem
because root should access it anyway. duplicity for example reads passwords
from an environment variable rather than an argument.

I haven't tried getting the command line of root processes from an
unprivileged user though.

I'll try the other env variable later, so maybe I don't need the patch
myself anymore.

Yves Goergen - mail & jabber im: yves@xxxxxxxxxxxxxxx
http://unclassified.de - Web-Labor, HD-Fotogalerie, Webhosting