password passed through -e by environment is leaked in /proc
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sshpass (Ubuntu) | Fix Released | Undecided | Unassigned | | |
Bug Description
Run sshpass as follows:
SSHPASS="password" /usr/bin/sshpass -e ssh -o StrictHostKeyCh
user@Ubuntu14-
SSHPASS=password ...
The password is leaked here.
Recommendation:
SSHPASS should be cleared after use.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: sshpass 1.05-1
ProcVersionSign
Uname: Linux 3.13.0-39-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.5
Architecture: amd64
Date: Mon Dec 12 13:44:35 2016
Dependencies:
gcc-4.9-base 4.9.1-0ubuntu1
libc6 2.19-0ubuntu6.3
libgcc1 1:4.9.1-0ubuntu1
multiarch-support 2.19-0ubuntu6.3
InstallationDate: Installed on 2014-04-22 (965 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
ProcEnviron:
TERM=xterm
PATH=(custom, no username)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: sshpass
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in sshpass (Ubuntu): status: Fix Committed → Fix Released
Fixed in upstream. Will be released in sshpass 1.08
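The recommendation in the bug description (clear SSHPASS after use), sketched as an added example: this is not sshpass's code or the upstream fix, and `take_env_secret` and `proc_environ_contains` are hypothetical helper names. It assumes Linux with /proc mounted and walks `environ` directly so the value can be overwritten in place before the variable is unset.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
extern char **environ;

/* Zero n bytes through a volatile pointer so the stores are not optimized away. */
static void wipe(char *p, size_t n) {
    for (volatile char *v = p; n--; v++) *v = 0;
}

/* Copy the value of `name` into out[cap], zero it inside the environment block
 * (the memory /proc/<pid>/environ is read from) and unset it so that children
 * started later do not inherit it. Returns the length, -1 if unset, -2 if too long. */
long take_env_secret(const char *name, char *out, size_t cap) {
    size_t nlen = strlen(name);
    long result = -1;
    for (char **e = environ; e && *e; e++) {
        if (strncmp(*e, name, nlen) != 0 || (*e)[nlen] != '=') continue;
        char *val = *e + nlen + 1;
        size_t vlen = strlen(val);
        result = -2;
        if (vlen < cap) { memcpy(out, val, vlen + 1); result = (long)vlen; }
        wipe(val, vlen);                 /* wiped even when it did not fit */
    }
    unsetenv(name);
    return result;
}

/* 1 if `needle` still occurs in /proc/self/environ, 0 if not, -1 if unreadable. */
int proc_environ_contains(const char *needle) {
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/environ", "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf, f), k = strlen(needle);
    fclose(f);
    for (size_t i = 0; k && i + k <= n; i++)
        if (memcmp(buf + i, needle, k) == 0) return 1;
    return 0;
}

int main(void) {
    char pw[256];   /* run as: SSHPASS=constructed-secret ./a.out */
    long n = take_env_secret("SSHPASS", pw, sizeof pw);
    if (n < 0) { fputs("SSHPASS unset or too long\n", stderr); return 1; }
    printf("still visible in /proc/self/environ: %d\n", proc_environ_contains(pw));
    wipe(pw, sizeof pw);
    return 0;
}
```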