Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

fixed redis-cli security issue with world readable history file #1418

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
1 participant

the redis-cli history file (in linenoise) is created with the default OS umask value which makes it world readable in most systems and could potentially expose authentication credentials to other users.

PS: I think AUTH commands shouldn't be logged in the history file at all

antirez added a commit that referenced this pull request Jul 29, 2016

Update linenoise to fix insecure redis-cli history file creation.
The problem was fixed in antirez/linenoise repository applying a patch
contributed by @lamby. Here the new version is updated in the Redis
source tree.

Close #1418
Close #3322

@antirez antirez closed this in 9d52411 Jul 29, 2016

JackieXie168 pushed a commit to JackieXie168/redis that referenced this pull request Aug 29, 2016

Update linenoise to fix insecure redis-cli history file creation.
The problem was fixed in antirez/linenoise repository applying a patch
contributed by @lamby. Here the new version is updated in the Redis
source tree.

Close #1418
Close #3322

jepickett added a commit to MicrosoftArchive/redis that referenced this pull request Feb 9, 2017

Update linenoise to fix insecure redis-cli history file creation.
The problem was fixed in antirez/linenoise repository applying a patch
contributed by @lamby. Here the new version is updated in the Redis
source tree.

Close #1418
Close #3322
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment