Re: svn and cron

From: John Rouillard <rouilj_at_renesys.com>
Date: 2006-12-12 18:01:55 CET

On Tue, Dec 12, 2006 at 02:01:53PM +0200, Mikko Ruohola wrote:
> Vincent Lefevre kirjoitti:
> >On 2006-12-11 20:50:49 -0600, Ryan Schmidt wrote:
> >
> >>Curious. What do you need expect for in this scenario? svn is not an
> >>interactive program. The only thing I think it can prompt for is the
> >>username and password, and you can provide that with the --username
> >>and --password options without resorting to something like expect.
> >>
> >
> >The --password option may be a security hole, e.g. if there are
> >several users on the machine.
> --password `cat /var/etc/thefilewiththepassword`
> And file can have all the fancy permissions to prevent people from
> seeing it. or does it show on process list apps like top or ps?

You bet it does.

> atleast ncftp hides some command line parameters from process list.

That is usually done by rewriting argv, so it introduces a race
condition where the password is visible in plaintext format. Also not
all systems allow you to rewrite argv and have the kernel pick up the
changed version.

-- 
				-- rouilj
John Rouillard
System Administrator
Renesys Corporation
603-643-9300 x 111
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Tue Dec 12 18:04:36 2006

This message: [ Message body ]
Next message: Ionut Scutaru: "problem with SVNParentPath"
Previous message: S P Vijay: "Re: DB Authentication for SVN"
In reply to: Mikko Ruohola: "Re: svn and cron"
Next in thread: Garrett McGrath: "RE: svn and cron"
Reply: Garrett McGrath: "RE: svn and cron"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]