On Wed, May 30, 2001 at 03:08:18PM +0200, Alwyn Schoeman wrote: > Its not the processes in themselves which knowledge must be hidden of, but > the parameters to processes. It might contain confidential information like > encrypted bank pins, etc....
any program that requires sensitive information to be supplied on the command line is fundementally broken and should be fixed. this is why for example gpg only accepts a passphrase via a file descriptor, not via the command as far as scripting goes. (mutt for example pipes the passphrase to gpg, pipes are secure, command line args are not). -- Ethan Benson http://www.alaska.net/~erbenson/
pgpaNPZuPHviQ.pgp
Description: PGP signature
