Red Hat Bugzilla – Bug 50879
sensitive information given on cmd-line
Last modified: 2008-05-01 11:38:00 EDT
[copy of bug #23066]
Although the username should not be secret in most cases, it contains
confidential information at some providers. E.g. the german T-Online builds
the username from the phone-number and a secret, long number (which must be
entered in T-Online's own-application into a veiled password-input field).
So it's not good when giving this username as a cmdline-option to ipppd in
/etc/init.d/isdn, because everybody can see it with `ps'.
Options can be given to ipppd in a configuration file with '-f...', so the
username can be put there.
This defect is considered SHOULD-FIX for Fairfax.
It's fixed in initscript-6.14-1