View Issue Details

IDProjectCategoryView StatusLast Update
0004089unrealircdpublic2015-05-23 17:39
ReporterwargAssigned Tosyzop 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
PlatformGNU/LinuxOSanyOS Versionany
Product Version3.2.9 
Target VersionFixed in Version3.4-alpha3 
Summary0004089: non-interactive ./unreal mkpasswd can be logged to ~/.bash_history
Descriptiondevel [~]$ grep 'mkpasswd md5' ~/.bash_history
./unreal mkpasswd md5 password


The submitted patch makes ./unreal mkpasswd [type] interactive:
devel [~/Unreal3.2]$ ./unreal mkpasswd md5
Password:
Encrypted password is: $10q9iGNk$RcEfdSIwtJaUdKX6cAP6fg==
Additional InformationThis patch is for unreal.in (the input file for the unreal script, pre-build)
TagsNo tags attached.
3rd party modules

Activities

warg

2012-02-26 04:13

reporter  

unreal_mkpasswd_interactive.patch (369 bytes)

Stealth

2012-02-26 04:17

reporter   ~0016907

Thanks for pointing this out, as logging commands and not using interactive input for the password could give your password(s) to anyone who has access to your shell (namely the bash history file).

syzop

2012-02-26 21:29

administrator   ~0016920

Point taken.

When we are at it, we might as well do it the right way: have the ircd prompt for the password (in C) and not have the shell pass the password as an argument to the binary, as otherwise one can briefly see the password in 'ps'.

syzop

2015-05-23 17:39

administrator   ~0018331

This is now implemented for 3.4-alph3, simply run './unreal mkpasswd' and it will prompt you.
https://github.com/unrealircd/unrealircd/commit/29f4d5d5408623ee26dd57adb0281f735e1a3da4

Thanks for raising the issue (oh wow, 3 years ago)

Issue History

Date Modified Username Field Change
2012-02-26 04:13 warg New Issue
2012-02-26 04:13 warg File Added: unreal_mkpasswd_interactive.patch
2012-02-26 04:17 Stealth Note Added: 0016907
2012-02-26 04:17 Stealth Status new => acknowledged
2012-02-26 21:29 syzop Note Added: 0016920
2012-02-26 21:30 syzop Relationship added child of 0003915
2012-10-06 12:21 syzop Relationship deleted child of 0003915
2015-05-23 17:39 syzop Note Added: 0018331
2015-05-23 17:39 syzop Status acknowledged => resolved
2015-05-23 17:39 syzop Fixed in Version => 3.4-alpha3
2015-05-23 17:39 syzop Resolution open => fixed
2015-05-23 17:39 syzop Assigned To => syzop