[plug] `Expect` and `cron` <http://expect.nist.gov>

James Devenish devenish at guild.uwa.edu.au
Thu Jan 6 12:21:41 WST 2005


In message <4b3125cc050105201021c036fe at mail.gmail.com>
on Thu, Jan 06, 2005 at 12:10:10PM +0800, Jeffrey Lim wrote:
> On Thu, 6 Jan 2005 11:11:49 +0800, James Devenish wrote:
> > Unfortunately, it's also completely insecure because other people
> > can view the arguments of root's processes using a variety of simple
> > mechanisms such as `ps`, /proc, etc.
> That's not true now... what mysql does is to actually rewrite the argv
> argument so that it just becomes a generic 'xxxx' (I've got fuzzy
> memory here as to the exact string).

Thanks for pointing that out. However, because of pre-emptive
multitasking, I think there would actually be a clear window of
opportunity between when mysql is invoked and when it gets the
chance to munge its command line. The munging sounds like nice
peace-of-mind for "accident mitigation", but I guess I would
still consider it bad practice to rely on it. 
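
The following check is an added example for readers of this archive, not part of either poster's message. It compares a password passed in argv with one delivered on stdin, as seen through /proc on Linux. The secret, the `client` name and the stand-in `sh` process (used in place of mysql) are constructed assumptions.

```shell
#!/bin/sh
# Constructed secret and a stand-in "client" (plain sh, not mysql) for illustration.
SECRET='constructed-pw-4711'

# Argv of PID as a local user reading /proc sees it (NUL-separated on disk).
cmdline_of() { tr '\0' ' ' < "/proc/$1/cmdline"; }

# Give the child time to exec, report whether SECRET is in its argv, then reap it.
report() {
    pid=$1
    sleep 1
    case "$(cmdline_of "$pid")" in
        *"$SECRET"*) verdict=exposed ;;
        *)           verdict=hidden ;;
    esac
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    echo "$verdict"
}

# Weak: password on the command line, readable from exec until any rewrite happens.
check_argv() {
    sh -c 'sleep 3; :' client "--password=$SECRET" >/dev/null &
    report $!
}

# Safer: password delivered on stdin, so argv never holds it and no rewrite is needed.
check_stdin() {
    printf '%s\n' "$SECRET" | sh -c 'read -r pw; sleep 3; :' client >/dev/null &
    report $!
}

echo "argv:  $(check_argv)"
echo "stdin: $(check_stdin)"
```

The stand-in never rewrites its argv, so the first case shows the state an observer sees during the window before any munging takes place.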




