Once upon a while a young talented software-developer, lets name him Tim created an operating system for his own DIY purposes. It was quite a quick and dirty operating system created as workaround just in order to run another software.
One day a stranger appeared and gave him 50.000 bucks for this. He couldn’t believe his fortune and said, yes of course take it. Maybe he thought by himself what a stupid, paying 50 grands for this piece of quick and dirty workaround…
The Stranger was Bill Gates and this quick and dirty operating system (QDOS) became Microsoft DOS…
;-)[/quote]
Windows as a workaround for Mac?
No, thanks. Windows is way too far to fit my needs.
Ah, yes.
A german person talking english to a swiss-french one, the barrier of language I guess. ?
Well, I know I won’t use the echo password workaround for a distributed app; it would be plain foolish. It’s just for my only-used-by-me app where I don’t want to have a helper that just launches another app using the shell (at least 8 Mb for just 2 lines of code ).
Thanks.
The echo mechanism does not show that part of the command in any ps/top output. The author of sudo was smarter than that. Also, grepping for the “echo” doesn’t work since it’s consumed by the tty involved (which is why requiretty is a default setting for modern sudo implementations).
tjones@linux64-2:~$ ps ax | grep sudo
4100 pts/0 S+ 0:00 sudo -S ls -lR /
4114 pts/1 S+ 0:00 grep --color=auto sudo
And, if there is an error, the sudo log is SUPPOSED to be root-only, so any hacker should not be able to see the failure if they don’t already have root access.
[quote=470761:@Tim Jones]The echo mechanism does not show that part of the command in any ps/top output. The author of sudo was smarter than that. Also, grepping for the “echo” doesn’t work since it’s consumed by the tty involved (which is why requiretty is a default setting for modern sudo implementations).
tjones@linux64-2:~$ ps ax | grep sudo
4100 pts/0 S+ 0:00 sudo -S ls -lR /
4114 pts/1 S+ 0:00 grep --color=auto sudo
And, if there is an error, the sudo log is SUPPOSED to be root-only, so any hacker should not be able to see the failure if they don’t already have root access.[/quote]
Indeed, in Tomas’ example, the password doesn’t appear.
So, after all, there may be no way to gather the user’s password when it’s sent using the echo technique