On Wed, Jul 04, 2007 at 05:39:25PM +0200, Cristian Ionescu-Idbohrn wrote: > On Tue, 3 Jul 2007, Jim Freeman wrote: > > > # passwd -p **** blip > > Isn't this the well known insecure method that shouldn't be used > because (with the right timing) anyone can snap the password with ps > or 'cat /proc/<pid>/cmdline'? ...
As I acknowledged in parts you trimmed, yes (if "anyone" is taken to mean "someone with shell access"). But in many embedded cases, there is no shell access (ergo, the cgi remote admin mentioned in the original mail). In such cases "anyone" == "noone", and "shouldn't be used" becomes "might be used", and this particular point is then mooted. ...jfree _______________________________________________ busybox mailing list [email protected] http://busybox.net/cgi-bin/mailman/listinfo/busybox
