Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 44339: /trunk/ /trunk/ui/gtk/: main.
On Aug 8, 2012, at 7:12 PM, Guy Harris wrote:
>
> On Aug 8, 2012, at 7:30 AM, ruengeler@xxxxxxxxxxxxx wrote:
>
>> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=44339
>>
>> User: ruengeler
>> Date: 2012/08/08 07:30 AM
>>
>> Log:
>> Add -A as command line option to wireshark and tshark.
>
> Note that, at least on UN*X systems onto which people you *don't* want to see remote machines' rpcap passwords might be logged in, providing a password on the command line is probably not a good idea, as they might be able to see it with "ps". (The same applies if somebody to whom you don't want to show the password is watching over your shoulder.)
>
> We should probably, at minimum, support providing a user name *without* a password with "-A", and prompt the user for the password (on the UN*X command line with getpass() or some such routine; on the Windows command line with whatever's appropriate; in the GUI with a dialog box).
Irene's fix is in response to a user reporting that the -A command line argument is supported by dumpcap,
but not by wireshark or tshark.
I agree, you are able to see the password by using -A, but isn't the same true if you use Wireshark's
GUI? Wireshark will start dumpcap with the -A command line argument and voila, ps provides it.
If we want to make the password not visible by ps, we should not only do it partially. Any idea?
Best regards
Michael
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>