[plug] `Expect` and `cron` <http://expect.nist.gov>

Jeffrey Lim jfs.world at gmail.com
Thu Jan 6 12:10:10 WST 2005


On Thu, 6 Jan 2005 11:11:49 +0800, James Devenish
<devenish at guild.uwa.edu.au> wrote:
> Hi,
> 
> Unfortunately, it's also completely insecure because other people
> can view the arguments of root's processes using a variety of simple
> mechanisms such as `ps`, /proc, etc.

That's not true now. I suppose that could be possible in the past with
the older versions, but nowadays when you do the call from the
command line, what mysql does is to actually rewrite the argv argument
so that it just becomes a generic 'xxxx' (I've got fuzzy memory here
as to the exact string). I've seen this with my 'ps' investigation,
though admittedly I haven't tried looking into /proc. I suppose it
should be the same (i.e., password is masked), but just to let you know,
I haven't looked into it yet.

-jf
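
The kind of in-place argv rewrite described in the reply above, as an added example that is not part of the original message and is not mysql's own code. It assumes Linux (for /proc/self/cmdline) and a `--password=VALUE` argument form; the function names are made up for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Overwrite the value of every "--password=VALUE" argument with 'x',
 * keeping its length: argv strings sit in a fixed region of the process
 * stack, and that region is what ps and /proc/<pid>/cmdline read.
 * Returns the number of arguments masked. */
int mask_password_args(int argc, char **argv)
{
    static const char opt[] = "--password=";   /* assumed option form */
    int masked = 0;
    for (int i = 1; i < argc; i++) {
        if (strncmp(argv[i], opt, sizeof opt - 1) == 0) {
            char *value = argv[i] + sizeof opt - 1;
            memset(value, 'x', strlen(value));
            masked++;
        }
    }
    return masked;
}

/* Read this process's command line as other users would see it,
 * turning the NUL separators into spaces. Returns length, or -1. */
long read_own_cmdline(char *buf, size_t cap)
{
    FILE *f = fopen("/proc/self/cmdline", "rb");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, cap - 1, f);
    fclose(f);
    for (size_t i = 0; i + 1 < n; i++)
        if (buf[i] == '\0')
            buf[i] = ' ';
    buf[n] = '\0';
    return (long)n;
}

int main(int argc, char **argv)
{
    char before[4096], after[4096];
    if (read_own_cmdline(before, sizeof before) < 0)
        return 1;
    int n = mask_password_args(argc, argv);
    if (read_own_cmdline(after, sizeof after) < 0)
        return 1;
    printf("before: %s\nmasked: %d\nafter:  %s\n", before, n, after);
    return 0;
}
```

The argument is readable from the moment the process starts until the overwrite runs, so this narrows the exposure window rather than removing it.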


