Re: [HACKERS] TODO list updated

Bruce Momjian <pgman@candle.pha.pa.us>

From: Bruce Momjian <pgman@candle.pha.pa.us>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Peter Eisentraut <peter_e@gmx.net>, The Hermit Hacker <scrappy@hub.org>, PostgreSQL-development <pgsql-hackers@postgreSQL.org>
Date: 2000-01-13T17:22:23Z
Lists: pgsql-hackers
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> >> You can't securely do
> >> echo $PASSWORD | backend
> >> or
> >> echo $PASSWORD > allegedly-secure-temp-file
> 
> > This is secure.  echo is a shell builtin, and does not invoke a separate
> > process with arguments.
> 
> echo is a builtin in ksh and derivatives, but I don't think it's safe
> to assume it is a builtin everywhere...

I believe it is safe.  csh and sh have it built in.  Does anyone know of
a shell that does not have echo builtin?  How do you tell?  Not sure.


-- 
  Bruce Momjian                        |  http://www.op.net/~candle
  maillist@candle.pha.pa.us            |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026