Inkscape

whiteboard backtrace reveals sensitive information

Bug #167562 reported by Rwst on 2006-05-25

2

Affects		Status	Importance	Assigned to	Milestone
	Inkscape	Fix Released	Low	ishmal

Bug Description

due to security considerations the bug is not described
here fully, the problem being information being shown
in backtraces.

the bug is known to dwyip and therefore assigned to him

Tags:

Revision history for this message

Dwyip (dwyip) wrote on 2006-05-25:

#1

I do not think it is possible to fix this in the
Loudmouth-based Inkboard, as both
lm_connection_authenticate_and_block and
lm_connection_authenticate require the password to be passed
as gchar const*, and gdb can easily dereference that into
cleartext.

Revision history for this message

Dwyip (dwyip) wrote on 2006-05-25:

#2

er, I should also add that both functions require it to be
passed as a parameter, and there's really no way to
obfuscate it with e.g. another level of indirection.

I can bug Mikael about this, though.

Revision history for this message

Peter Lewerin (vermeil-deactivatedaccount) wrote on 2007-12-08:

#3

I'm setting this to incomplete in accordance with <URL http://wiki.inkscape.org/wiki/index.php/BugTriageProjects>.

Changed in inkscape:
status:	New → Incomplete

Revision history for this message

Bryce Harrington (bryce) wrote on 2007-12-22:

#4

Dwyip, have you had a chance to look into this?

Revision history for this message

Tom Davidson (tjd-mit) wrote on 2008-02-05:

#5

Given that this bug is explicitly not described 'due to security considerations', I don't think it should be marked incomplete (triggers expiry). Marking importance 'unknown'

Changed in inkscape:
importance:	High → Unknown
status:	Incomplete → Confirmed

Revision history for this message

ishmal (ishmalius) wrote on 2008-04-13:

#6

Loudmouth is no longer used, so this particular instance no longer happens. Please open a new bug if something similar is found with the new xmpp implementation.

Changed in inkscape:
assignee:	dwyip → ishmalius
status:	Confirmed → Fix Committed

theAdib (theadib) on 2009-09-29

Changed in inkscape:
importance:	Unknown → Low

Pablo Trabajos (pajarico) on 2009-10-06

tags:

removed: other

ScislaC (scislac) on 2009-10-06

Changed in inkscape:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.