Stevan Bajić <ste...@bajic.ch> wrote:
> On Sun, 26 Jun 2011 13:26:11 +0200
> Elias Oltmanns <e...@nebensachen.de> wrote:
>
> I fail to see why the maintenance script should leak passwords? Can you
> provide a scenario in which the password would be leaked?

Sorry, the changelog entry turns out to be rather less informative than I
had intended. Anyone who manages to execute

$ ps ax

at the right time (tm) can get hold of the db access password used in the
maintenance script; it will appear in the argument list to one of the
script's subprocesses. Admittedly, the chance is very slim, especially
when /tmp is on shm, and the attacker would need access to a user account
on the machine running dspam. All the same, we needn't rely on chances
and this is a cronjob, after all.

Regards,

Elias

_______________________________________________
Dspam-devel mailing list
Dspam-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-devel
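
The exposure described in the message above, as an added example that is not part of the original mail or of dspam's code: a constructed stand-in client (`sh -c`) is handed a sample password once as a command-line argument and once through a file made by `mktemp`, and each time the script inspects the child's `/proc/PID/cmdline`, which is what `ps ax` reads on Linux. The function names, the `--password=` argument and the password value are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example; all names and values below are constructed for illustration.
SECRET='constructed-example-pw'    # sample value, not a real credential

# True if string $2 appears in the argument list of process $1.
# Linux only: arguments in /proc/PID/cmdline are NUL-separated.
argv_contains() {
    tr '\0' ' ' < "/proc/$1/cmdline" | grep -qF -- "$2"
}

# Start the given stand-in client in the background, look at its argument
# list while it runs, then stop it. Prints "exposed" or "hidden".
probe() {
    "$@" >/dev/null 2>&1 &
    pid=$!
    sleep 1                        # give the child time to exec
    if argv_contains "$pid" "$SECRET"; then r=exposed; else r=hidden; fi
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    echo "$r"
}

# Weak: the password is an argument of the subprocess, so any local user
# who lists processes during its lifetime can read it.
weak() {
    probe sh -c 'sleep 2; :' client "--password=$SECRET"
}

# Hardened: the password goes into a file that mktemp creates with mode
# 0600, and the subprocess is given only the file name.
hardened() {
    f=$(mktemp)
    printf '%s\n' "$SECRET" > "$f"   # printf is a shell builtin: no new argv
    probe sh -c 'read -r pw < "$1"; sleep 2; :' client "$f"
    rm -f "$f"
}

echo "password in argv: $(weak)"
echo "password in file: $(hardened)"
```
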