Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gbak should change param0 to not show username/password in ps axf [CORE867] #1258

Closed
firebird-issue-importer opened this issue Jul 23, 2006 · 8 comments

Comments

@firebird-issue-importer

Submitted by: @cincuranet

Jira_subtask_outward CORE868

When you run gbak, other users can see your (or SYSDBA's) password during backup. Changing the param 0 only to i.e. gbak will solve this problem (some security kernel patches, i think aren't the best way).

Commits: 8274d32

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jul 23, 2006

Commented by: dbi (dbi)

Please note that wiping command line parameters only makes it harder to discover the password. The long-term/secure solution is to prompt for passwords or read them from file. This would involve adding command-line switches, though.

And, this is not gbak-specific. All command-line utilities which support -password parameter are vulnerable.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jul 23, 2006

Commented by: @cincuranet

Yes, I know, but this makes a little bit harder to see password.
I've created subtask for nreading password from file/input.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Mar 4, 2007

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Apr 25, 2007

Commented by: @AlexPeshkoff

All firebird utilities replace argv[PASSWORD] with *

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Apr 25, 2007

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.1 Beta 1 [ 10141 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 26, 2007

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 28, 2008

Modified by: @pcisar

Workflow: jira [ 11089 ] => Firebird [ 14632 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 19, 2016

Modified by: @pavel-zotov

QA Status: No test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment