Need a way to prevent custom object variables (e.g. password) from going into environment

rouilj+nagiosdev at cs.umb.edu rouilj+nagiosdev at cs.umb.edu
Sat Dec 30 03:25:03 CET 2006

Previous message: Need a way to prevent custom object variables (e.g. password) from going into environment
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In message <200612292131.36963.pitchfork at ederdrom.de>,
Joerg Linge writes:

>Am Freitag, 29. Dezember 2006 18:36 schrieb rouilj+nagiosdev at cs.umb.edu:
>> Hi all:
>[...]
>> It also mentions that custom object vars are available as
>> environmental variables. Is there a way to turn that off? I.E. if the
>> variable was a password you don't want that being passed in the
>> environment where it is viewable by everybody.
>
>The ENV Vars are only available for new processes forked by the Nagios Daemon.
>So the vars are not available for everybody.

Using ps I can dump the environment of any/all processes by default
under linux (ps -auxew for example), so unless you are running a
security enhanced linux that restricts that, any user on the system
can see the environment including passwords.

				-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

Previous message: Need a way to prevent custom object variables (e.g. password) from going into environment
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Developers mailing list