View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004089 | unreal | ircd | public | 2012-02-26 04:13 | 2015-05-23 17:39 |
| Reporter | warg | Assigned To | syzop | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Platform | GNU/Linux | OS | any | OS Version | any |
| Product Version | 3.2.9 | ||||
| Fixed in Version | 3.4-alpha3 | ||||
| Summary | 0004089: non-interactive ./unreal mkpasswd can be logged to ~/.bash_history | ||||
| Description | devel [~]$ grep 'mkpasswd md5' ~/.bash_history ./unreal mkpasswd md5 password The submitted patch makes ./unreal mkpasswd [type] interactive: devel [~/Unreal3.2]$ ./unreal mkpasswd md5 Password: Encrypted password is: $10q9iGNk$RcEfdSIwtJaUdKX6cAP6fg== | ||||
| Additional Information | This patch is for unreal.in (the input file for the unreal script, pre-build) | ||||
| Tags | No tags attached. | ||||
| Attached Files | |||||
| 3rd party modules | |||||
|
|
Thanks for pointing this out, as logging commands and not using interactive input for the password could give your password(s) to anyone who has access to your shell (namely the bash history file). |
|
|
Point taken. When we are at it, we might as well do it the right way: have the ircd prompt for the password (in C) and not have the shell pass the password as an argument to the binary, as otherwise one can briefly see the password in 'ps'. |
|
|
This is now implemented for 3.4-alph3, simply run './unreal mkpasswd' and it will prompt you. https://github.com/unrealircd/unrealircd/commit/29f4d5d5408623ee26dd57adb0281f735e1a3da4 Thanks for raising the issue (oh wow, 3 years ago) |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-02-26 04:13 | warg | New Issue | |
| 2012-02-26 04:13 | warg | File Added: unreal_mkpasswd_interactive.patch | |
| 2012-02-26 04:17 | Stealth | Note Added: 0016907 | |
| 2012-02-26 04:17 | Stealth | Status | new => acknowledged |
| 2012-02-26 21:29 | syzop | Note Added: 0016920 | |
| 2012-02-26 21:30 | syzop | Relationship added | child of 0003915 |
| 2012-10-06 12:21 | syzop | Relationship deleted | child of 0003915 |
| 2015-05-23 17:39 | syzop | Note Added: 0018331 | |
| 2015-05-23 17:39 | syzop | Status | acknowledged => resolved |
| 2015-05-23 17:39 | syzop | Fixed in Version | => 3.4-alpha3 |
| 2015-05-23 17:39 | syzop | Resolution | open => fixed |
| 2015-05-23 17:39 | syzop | Assigned To | => syzop |
