[lokisetup] CDkey prompting...
Ryan C. Gordon
icculus at clutteredmind.org
Tue Mar 2 12:47:40 EST 2004
> Isn't there a security implication in being able to possibly read the cdkey via
> ps -ax?
If you don't like it, photocopy your butt and send it to Richard
Stallman; this is one of those moments when the intention of the GPL is
a little overly hostile to real world needs.
Writing to a pipe instead of passing a command line is more complexity
than I'm willing to put into this. In the case of ut2004, you can enter
"skip" as your cd key and manually edit the cdkey file later...that's in
there as a general failsafe, but it'll avoid this problem, too.
In reality, a valid key would go through once and way too quickly for
any practical exploit. An invalid key will block for X seconds, but hey,
you can steal invalid keys all you want. :)
Plus this isn't generally something you're installing while other users
are camping on the box, unless they've rooted you, in which case they
can get the info from the file itself, etc, etc, etc...
In short, "I don't think it's a problem".
More information about the Lokisetup