Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fixed redis-cli security issue with world readable history file #1418

Closed
wants to merge 1 commit into from
Closed

fixed redis-cli security issue with world readable history file #1418

wants to merge 1 commit into from

Conversation

georgenicolaou
Copy link

the redis-cli history file (in linenoise) is created with the default OS umask value which makes it world readable in most systems and could potentially expose authentication credentials to other users.

PS: I think AUTH commands shouldn't be logged in the history file at all

antirez added a commit that referenced this pull request Jul 29, 2016
The problem was fixed in antirez/linenoise repository applying a patch
contributed by @lamby. Here the new version is updated in the Redis
source tree.

Close #1418
Close #3322
@antirez antirez closed this in 9d52411 Jul 29, 2016
JackieXie168 pushed a commit to JackieXie168/redis that referenced this pull request Aug 29, 2016
The problem was fixed in antirez/linenoise repository applying a patch
contributed by @lamby. Here the new version is updated in the Redis
source tree.

Close redis#1418
Close redis#3322
jepickett pushed a commit to microsoftarchive/redis that referenced this pull request Feb 9, 2017
The problem was fixed in antirez/linenoise repository applying a patch
contributed by @lamby. Here the new version is updated in the Redis
source tree.

Close redis#1418
Close redis#3322
JackieXie168 pushed a commit to JackieXie168/redis that referenced this pull request Jan 13, 2018
The problem was fixed in antirez/linenoise repository applying a patch
contributed by @lamby. Here the new version is updated in the Redis
source tree.

Close redis#1418
Close redis#3322
pulllock pushed a commit to pulllock/redis that referenced this pull request Jun 28, 2023
The problem was fixed in antirez/linenoise repository applying a patch
contributed by @lamby. Here the new version is updated in the Redis
source tree.

Close redis#1418
Close redis#3322
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant