Peter Gutmann wrote:
Dr Stephen Henson [EMAIL PROTECTED] writes:
Is there any circumstances where the environment isn't safe? I believe extra
privs are normally needed to read another users processes environment.
Under DEC Unixen you can read anyone's environment without any extra privs
The program should overwrites it's sensible environment variables as soon
as it
has read the content, therefore strongly reducing the problem.
Assuming the ones that "ps" shows are in userspace not kernel space.
Not always a safe assumption.
a file would be good, since i could create a fifo behind a firewall
directory and do a bunch of cat's to run a bunch of commands :)
__
OpenSSL Project http://www.openssl.org
Development Mailing
jaltman And why can't pipes be used in Windows?
Exactly my question.
jaltman Using a colon in this context should not be a problem since the first
jaltman colon is the tag separator. After that the colon can be part of the
jaltman filename.
*LOL* I guess that's a d'uh on me...
--
Richard
Hi all,
I have a problem while writing a PERL module. When I want to issue an
openssl command (that requires input) the following code (which works
in common PERL programs) does not pass the required input to openssl
so it waits for user input:
open(FD, "|$command" ) || return;
madwolf I have a problem while writing a PERL module. When I want to issue an
madwolf openssl command (that requires input) the following code (which works
madwolf in common PERL programs) does not pass the required input to openssl
madwolf so it waits for user input:
madwolf
madwolf
Richard Levitte - VMS Whacker wrote:
What's wrong is that you assume OpenSSL takes password input from
standard input. This is not the case. Instead, a separate handle to
the TTY is opened, and that is used as password input. Under Unix,
the file used is "/dev/tty". Under DOS, it's
Is there any circumstances where the environment isn't safe?
I thought it was readily available on all BSD-derived Unices. viz:
haggis 71 uname ; who ; echo i am `who am i` ; ps -wwe -tp1
BSD/OS
salzrttyp0 Feb 10 14:58 (camstig)
bowe ttyp1 Feb 7 08:36 (taco)
i
drh Most utilities? I thought all the ones where it was useful were
drh covered. Have I missed one?
I don't think enc has it... At least I couldn't find it when I looked
20 minutes ago...
drh Is there any circumstances where the environment isn't safe? I believe
drh extra privs are normally
Dr Stephen Henson [EMAIL PROTECTED] writes:
Is there any circumstances where the environment isn't safe? I believe extra
privs are normally needed to read another users processes environment.
Under DEC Unixen you can read anyone's environment without any extra privs
(ps -wwae or a variant
Dr Stephen Henson wrote:
Is there any circumstances where the environment isn't safe? I believe
extra privs are normally needed to read another users processes
environment.
ps on Linux shows environments, but not being a Linux expert, I couldn't
say how that access is controlled.
Cheers,
Is there any circumstances where the environment isn't safe? I believe
extra privs are normally needed to read another users processes
environment.
Yes, some oses dump core that is world readable and has env info
in the core file.
Mike
:[EMAIL PROTECTED]]
Sent: Friday, February 11, 2000 12:53 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: PERL Module Problem...
madwolf I have a problem while writing a PERL module. When I
want to issue an
madwolf openssl command (that requires input
OK. I'm convinced environment isn't always safe. I'll redo the options
to allow several choices.
I.e.
1. Command line.
2. Environment.
3. Standard input.
Any other suggestions e.g from a file or fd?
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email:
Richard Levitte - VMS Whacker [EMAIL PROTECTED]:
[...]
I would trust passwords passed over stdin before anything passed in
the command line or environment, any time. Not that stdin is perfect
either, mind you, but still...
Environment variables must usually be considered public. PGP
SalzR I thought it was readily available on all BSD-derived Unices. viz:
SalzR haggis 71 uname ; who ; echo i am `who am i` ; ps -wwe -tp1
SalzR BSD/OS
SalzR salzrttyp0 Feb 10 14:58 (camstig)
SalzR bowe ttyp1 Feb 7 08:36 (taco)
SalzR i am salzr ttyp0 Feb 10 14:58
Thanks to all who sent me their help. I found it very singular that using inside
a cgi script the code works... :-D I will investigate deeply ... (If I have time
to ... )
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
S/MIME Cryptographic Signature
From: Dr Stephen Henson [EMAIL PROTECTED]
drh 1. Command line.
drh 2. Environment.
drh 3. Standard input.
drh
drh Any other suggestions e.g from a file or fd?
Hmm. There's no need to have the password in a file, that can as well
be piped in ('cat passwdfile | openssl x509 -passstdin ...' to
From: [EMAIL PROTECTED] (Bodo Moeller)
bmoeller PGP evaluates a PGPPASSFD
That was the name!
bmoeller environment variable and reads from the named file
bmoeller descriptor; with this approach, you don't have to send
bmoeller passwords and actual data through the same pipe.
Good point. I
Richard Levitte - VMS Whacker wrote:
Hmm. There's no need to have the password in a file, that can as well
be piped in ('cat passwdfile | openssl x509 -passstdin ...' to take a
Unixly example, and yes, there's a way to do that on VMS as well).
Yes but there's windoze to consider as
From: Dr Stephen Henson [EMAIL PROTECTED]
drh Richard Levitte - VMS Whacker wrote:
drh
drh
drh Hmm. There's no need to have the password in a file, that can as well
drh be piped in ('cat passwdfile | openssl x509 -passstdin ...' to take a
drh Unixly example, and yes, there's a way to do
drh Richard Levitte - VMS Whacker wrote:
drh
drh
drh Hmm. There's no need to have the password in a file, that can as well
drh be piped in ('cat passwdfile | openssl x509 -passstdin ...' to take a
drh Unixly example, and yes, there's a way to do that on VMS as well).
drh
drh Yes
22 matches
Mail list logo
