By default, on Linux, command line information is a system-wide
resource, visible to all local users via /proc. It would make sense to
add a mode to cisco-decrypt to read the password from standard input, so
that it does not leak.
There is a Fedora bug for this:
<https://bugzilla.redhat.com/show_bug.cgi?id=1019888>
--
Florian Weimer / Red Hat Product Security
_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/
resource, visible to all local users via /proc. It would make sense to
add a mode to cisco-decrypt to read the password from standard input, so
that it does not leak.
There is a Fedora bug for this:
<https://bugzilla.redhat.com/show_bug.cgi?id=1019888>
--
Florian Weimer / Red Hat Product Security
_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/