View Issue Details

IDProjectCategoryView StatusLast Update
0004089unrealircdpublic2015-05-23 17:39
Reporterwarg Assigned Tosyzop  
Status resolvedResolutionfixed 
PlatformGNU/LinuxOSanyOS Versionany
Product Version3.2.9 
Fixed in Version3.4-alpha3 
Summary0004089: non-interactive ./unreal mkpasswd can be logged to ~/.bash_history
Descriptiondevel [~]$ grep 'mkpasswd md5' ~/.bash_history
./unreal mkpasswd md5 password

The submitted patch makes ./unreal mkpasswd [type] interactive:
devel [~/Unreal3.2]$ ./unreal mkpasswd md5
Encrypted password is: $10q9iGNk$RcEfdSIwtJaUdKX6cAP6fg==
Additional InformationThis patch is for (the input file for the unreal script, pre-build)
TagsNo tags attached.
3rd party modules



2012-02-26 04:13



2012-02-26 04:17

reporter   ~0016907

Thanks for pointing this out, as logging commands and not using interactive input for the password could give your password(s) to anyone who has access to your shell (namely the bash history file).


2012-02-26 21:29

administrator   ~0016920

Point taken.

When we are at it, we might as well do it the right way: have the ircd prompt for the password (in C) and not have the shell pass the password as an argument to the binary, as otherwise one can briefly see the password in 'ps'.


2015-05-23 17:39

administrator   ~0018331

This is now implemented for 3.4-alph3, simply run './unreal mkpasswd' and it will prompt you.

Thanks for raising the issue (oh wow, 3 years ago)

Issue History

Date Modified Username Field Change
2012-02-26 04:13 warg New Issue
2012-02-26 04:13 warg File Added: unreal_mkpasswd_interactive.patch
2012-02-26 04:17 Stealth Note Added: 0016907
2012-02-26 04:17 Stealth Status new => acknowledged
2012-02-26 21:29 syzop Note Added: 0016920
2012-02-26 21:30 syzop Relationship added child of 0003915
2012-10-06 12:21 syzop Relationship deleted child of 0003915
2015-05-23 17:39 syzop Note Added: 0018331
2015-05-23 17:39 syzop Status acknowledged => resolved
2015-05-23 17:39 syzop Fixed in Version => 3.4-alpha3
2015-05-23 17:39 syzop Resolution open => fixed
2015-05-23 17:39 syzop Assigned To => syzop