Peter Gutmann wrote:

> Dr Stephen Henson <[EMAIL PROTECTED]> writes:
>
> >Are there any circumstances where the environment isn't safe? I believe extra
> >privs are normally needed to read another user's process's environment.
>
> Under DEC Unixen you can read anyone's environment without any extra privs
> (ps -wwae or a variant thereof, depending on which vintage of OS you're on).

There's the same possibility on Linux and probably many other OSes.

The program should overwrite its sensitive environment variables as soon as it
has read the content, therefore strongly reducing the problem.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
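
The overwrite-after-read approach from the reply above, as an added example in C that is not part of the original thread or of OpenSSL's code. The names take_env_secret and DEMO_PASSPHRASE are hypothetical, and writing through the pointer getenv() returns relies on common Unix behaviour rather than on anything POSIX guarantees.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for setenv()/unsetenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Overwrite through a volatile pointer so the stores are not optimised away. */
static void wipe(char *p, size_t n)
{
    volatile char *vp = p;
    while (n--)
        *vp++ = 0;
}

/*
 * Copy the value of environment variable `name` into out[outlen], then
 * zero the value in place and remove the variable.
 * Assumption: getenv() points into this process's writable environment.
 * Returns 0 on success, -1 if the variable is not set, -2 if out is too
 * small (the environment is left untouched in that case).
 */
int take_env_secret(const char *name, char *out, size_t outlen)
{
    char *val = getenv(name);
    size_t len;

    if (val == NULL)
        return -1;
    len = strlen(val);
    if (len + 1 > outlen)
        return -2;
    memcpy(out, val, len + 1);
    wipe(val, len);          /* clear the bytes an environment listing reads */
    unsetenv(name);          /* and keep it out of child processes */
    return 0;
}

int main(void)
{
    char secret[64];
    setenv("DEMO_PASSPHRASE", "constructed-sample-value", 1); /* constructed input */
    if (take_env_secret("DEMO_PASSPHRASE", secret, sizeof secret) != 0)
        return 1;
    printf("read %zu bytes; still set: %s\n", strlen(secret),
           getenv("DEMO_PASSPHRASE") ? "yes" : "no");
    wipe(secret, sizeof secret);   /* clear the private copy once used */
    return 0;
}
```

Calling unsetenv() alone only drops the pointer and leaves the bytes in memory, which is why the value is zeroed first. The value is still visible from process start until this call runs, so it should run before anything else.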
