[Gambas-user] Program to use different group rights
Tobias Boege
taboege at gmail.com
Mon Nov 26 22:33:24 CET 2018
On Mon, 26 Nov 2018, T Lee Davidson wrote:
> How about this:
>
> Public Sub Main()
>
> Dim sPass, sOutput As String
>
> sPass = "wrong"
> Shell "echo " & sPass & "|su -c True $USER 2>&1" To sOutput
> ' Print sOutput
> If InStr(sOutput, "failure") > 0 Then
> Print "Fail"
> Else
> Print "Pass"
> Endif
>
> End
I would advise against this. If you put your password into a command line
of some sort, everyone on your system can read it via /proc/$PID/cmdline.
They just have to be fast enough. That's a gamble I wouldn't take.
This is one of the reasons why programs like to read passwords interactively
from a tty, not just a pipe (even though apparently su is fine with a pipe
by default). It would be better to start `su` For Write (not To sOutput)
and then Print the password to the Process stream directly from Gambas.
This is, of course, exactly what your echo achieves, but this way, you have
the password in memory and don't broadcast it to /proc.
Regards,
Tobi
--
"There's an old saying: Don't change anything... ever!" -- Mr. Monk
More information about the User
mailing list