Re: SECURITY PROBLEM OR NOT

From: Richard Caley (MYFIRSTNAME@MYLASTNAME.org.uk)
Date: 11/27/02


From: Richard Caley <MYFIRSTNAME@MYLASTNAME.org.uk>
Date: Wed, 27 Nov 2002 11:12:03 GMT

In article <3DE48104.4D163A5@steria.be>, Michel De Rouck (mdr) writes:

mdr> I could find solutions to work arround this problem ....

Why do you think it is a problem? There are hidden places and public
places, if you put secret information in a public place it becomes
visible.

It seems the problem, if any, is your assumption, perhaps from
experience with another operating system that the process evnironment
is a hidden place. It's not.

I don't know enough about C2 the interpretation of the certification
rules to comment in detail, but it doesn't seem to me that it should
be an issue. Of course, if some system proces put secret information
in the environment, that would be an issue.

Conisder, how is it different from the fact that if you put secret
information in a world readable file in /tmp/ it will be visible to
everyone?

-- 
Mail me as MYFIRSTNAME@MYLASTNAME.org.uk        _O_
                                                 |<