[Gambas-user] Program to use different group rights
T Lee Davidson
t.lee.davidson at gmail.com
Tue Nov 27 01:06:17 CET 2018
On 11/26/18 4:33 PM, Tobias Boege wrote:
> On Mon, 26 Nov 2018, T Lee Davidson wrote:
>> How about this:
>>
>> Public Sub Main()
>>
>> Dim sPass, sOutput As String
>>
>> sPass = "wrong"
>> Shell "echo " & sPass & "|su -c True $USER 2>&1" To sOutput
>> ' Print sOutput
>> If InStr(sOutput, "failure") > 0 Then
>> Print "Fail"
>> Else
>> Print "Pass"
>> Endif
>>
>> End
>
> I would advise against this. If you put your password into a command line
> of some sort, everyone on your system can read it via /proc/$PID/cmdline.
> They just have to be fast enough. That's a gamble I wouldn't take.
>
> This is one of the reasons why programs like to read passwords interactively
> from a tty, not just a pipe (even though apparently su is fine with a pipe
> by default). It would be better to start `su` For Write (not To sOutput)
> and then Print the password to the Process stream directly from Gambas.
> This is, of course, exactly what your echo achieves, but this way, you have
> the password in memory and don't broadcast it to /proc.
>
> Regards,
> Tobi
>
Ouch, I had forgotten about /proc/$PID/cmdline.
Thank you, Tobi, for your, always excellent, insight and teaching :-)
___
Lee
More information about the User
mailing list