[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn and cron

From: John Rouillard <rouilj_at_renesys.com>
Date: 2006-12-12 18:01:55 CET

On Tue, Dec 12, 2006 at 02:01:53PM +0200, Mikko Ruohola wrote:
> Vincent Lefevre kirjoitti:
> >On 2006-12-11 20:50:49 -0600, Ryan Schmidt wrote:
> >
> >>Curious. What do you need expect for in this scenario? svn is not an
> >>interactive program. The only thing I think it can prompt for is the
> >>username and password, and you can provide that with the --username
> >>and --password options without resorting to something like expect.
> >>
> >
> >The --password option may be a security hole, e.g. if there are
> >several users on the machine.
> --password `cat /var/etc/thefilewiththepassword`
> And file can have all the fancy permissions to prevent people from
> seeing it. or does it show on process list apps like top or ps?

You bet it does.

> atleast ncftp hides some command line parameters from process list.

That is usually done by rewriting argv, so it introduces a race
condition where the password is visible in plaintext format. Also not
all systems allow you to rewrite argv and have the kernel pick up the
changed version.

-- 
				-- rouilj
John Rouillard
System Administrator
Renesys Corporation
603-643-9300 x 111
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Dec 12 18:04:36 2006

This is an archived mail posted to the Subversion Users mailing list.