[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers] Cron <address@hidden> sf_www --user root --passwo
From: |
Mark H. Weaver |
Subject: |
Re: [Savannah-hackers] Cron <address@hidden> sf_www --user root --password ????? |
Date: |
27 Feb 2001 00:14:21 -0500 |
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.0.97 |
> Sending a password as the subject of an email can be dangerous :)
>
> Messages from this list are being archived and public, I have changed
> that to be private.
>
> (I replaced the password with ?????)
>
> Both lines at: `/etc/cron.d/savannah' have this same "feature", and
> both matches password with root, so that sounds even more dangerous.
Holy cow!!! This is REALLY bad.
/etc/cron.d/savannah is also a world-readable file, and even if it
wasn't, passwords should NEVER be on a command line, especially not
root's password, because that is readable information via ps.
Please tell me what those scripts are doing and why they need a
password in them, and I'm sure we can figure out a way to avoid this
awful practice.
Mark
Re: [Savannah-hackers] Cron <address@hidden> sf_www --user root --password ?????, Loic Dachary, 2001/02/27