gbak should change param0 to not show username/password in ps axf [CORE867] #1258
Comments
|
Commented by: dbi (dbi) Please note that wiping command line parameters only makes it harder to discover the password. The long-term/secure solution is to prompt for passwords or read them from file. This would involve adding command-line switches, though. And, this is not gbak-specific. All command-line utilities which support -password parameter are vulnerable. |
|
Commented by: @cincuranet Yes, I know, but this makes a little bit harder to see password. |
Modified by: @AlexPeshkoffassignee: Alexander Peshkov [ alexpeshkoff ] |
|
Commented by: @AlexPeshkoff All firebird utilities replace argv[PASSWORD] with * |
Modified by: @AlexPeshkoffstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 2.1 Beta 1 [ 10141 ] |
Modified by: @pcisarstatus: Resolved [ 5 ] => Closed [ 6 ] |
Modified by: @pcisarWorkflow: jira [ 11089 ] => Firebird [ 14632 ] |
Modified by: @pavel-zotovQA Status: No test |
firebird-issue-importer
added
affect-version: 2.0 RC3
affect-version: 2.0 RC2
affect-version: 2.0 RC1
affect-version: 2.0 Beta 2
affect-version: 2.0 Beta 1
affect-version: 1.5.3
affect-version: 1.5.2
affect-version: 1.5.1
affect-version: 1.5.0
fix-version: 2.1 Beta 1
resolution: fixed
priority: major
component: gbak
type: improvement
labels
Submitted by: @cincuranet
Jira_subtask_outward CORE868
When you run gbak, other users can see your (or SYSDBA's) password during backup. Changing the param 0 only to i.e. gbak will solve this problem (some security kernel patches, i think aren't the best way).
Commits: 8274d32
The text was updated successfully, but these errors were encountered: