Re: SECURITY PROBLEM OR NOT
From: Richard Caley (MYFIRSTNAME@MYLASTNAME.org.uk)
Date: 11/27/02
- Next message: phn@icke-reklam.ipsec.nu: "Re: SECURITY PROBLEM OR NOT"
- Previous message: Rudi Swennen: "Re: Shadowed passwords?"
- In reply to: Michel De Rouck: "SECURITY PROBLEM OR NOT"
- Next in thread: Ian G Batten: "Re: SECURITY PROBLEM OR NOT"
- Reply: Ian G Batten: "Re: SECURITY PROBLEM OR NOT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Richard Caley <MYFIRSTNAME@MYLASTNAME.org.uk> Date: Wed, 27 Nov 2002 11:12:03 GMT
In article <3DE48104.4D163A5@steria.be>, Michel De Rouck (mdr) writes:
mdr> I could find solutions to work arround this problem ....
Why do you think it is a problem? There are hidden places and public
places, if you put secret information in a public place it becomes
visible.
It seems the problem, if any, is your assumption, perhaps from
experience with another operating system that the process evnironment
is a hidden place. It's not.
I don't know enough about C2 the interpretation of the certification
rules to comment in detail, but it doesn't seem to me that it should
be an issue. Of course, if some system proces put secret information
in the environment, that would be an issue.
Conisder, how is it different from the fact that if you put secret
information in a world readable file in /tmp/ it will be visible to
everyone?
-- Mail me as MYFIRSTNAME@MYLASTNAME.org.uk _O_ |<
- Next message: phn@icke-reklam.ipsec.nu: "Re: SECURITY PROBLEM OR NOT"
- Previous message: Rudi Swennen: "Re: Shadowed passwords?"
- In reply to: Michel De Rouck: "SECURITY PROBLEM OR NOT"
- Next in thread: Ian G Batten: "Re: SECURITY PROBLEM OR NOT"
- Reply: Ian G Batten: "Re: SECURITY PROBLEM OR NOT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
