Consumer secret is displayed in ps output
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu One Client |
Fix Released
|
Undecided
|
dobey |
Bug Description
I don't know what a "consumer secret" is, but the name implies it's
something sensitive. It probably shouldn't be visible in ps output:
$ ps ax|grep ubuntu
6965 ? S 0:02 /bin/bash /usr/bin/
7375 ? Ssl 0:23 /usr/bin/python /usr/bin/
7396 ? Sl 2:55 /usr/bin/python /usr/bin/
23911 pts/3 S+ 0:00 grep ubuntu
Here's the versions of ubuntuone-related packages I've got
installed:
$ dpkg -l|grep ubuntuone
ii nautilus-ubuntuone 0.1~8.10-687-1 nautilus-ubuntuone is a nautilus extension f
ii ubuntuone-
ii ubuntuone-
ii ubuntuone-storagefs 0.3~8.10-687-1 ubuntuone-storagefs is a FUSE filesystem for
Changed in ubuntuone-client: | |
milestone: | none → beta1 |
status: | Triaged → Fix Committed |
Changed in ubuntuone-client: | |
status: | Fix Committed → Fix Released |
visibility: | private → public |
This is why secrets that aren't really secret should have values like "public-token" or "not-a-secret", rather than the opaque but amusing "hammertime". :-)