Sensitive data on the command line

Bug #1003561 reported by Elbandi
This bug affects 1 person
Affects: Gearman
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

Gearmand is configured by command-line parameters. These can contain sensitive data (like a username or password); this is a security issue.

My patch adds a feature to load configuration parameters from command line too:
 gearmand --config /etc/gearmand.conf

Elbandi

Elbandi (ea333) wrote :
Brian Aker (brianaker) wrote : Re: [Bug 1003561] Re: Sensitive data on the command line

The trunk has this feature.

Sent from my Ti85

On May 23, 2012, at 10:35, Elbandi <email address hidden> wrote:

> ** Patch added: "0001-Can-load-options-from-config-file.patch"
> https://bugs.launchpad.net/bugs/1003561/+attachment/3159751/+files/0001-Can-load-options-from-config-file.patch

Elbandi (ea333) wrote :

Oh, I forgot to watch trunk :(

But I got two remarks:
Trunk code reads the config file, builds an array, and parses it with command_line_parser, while my patch uses Boost's own parse_config_file call. And this method is called with different configuration options: "help", "version", "config-file" and the hidden options exist only in the command-line options. (Why would anyone put "help" or "check-args" in a config file? :D )

Elbandi

Brian Aker (brianaker) wrote : Re: [Bug 1003561] Sensitive data on the command line

Hi,

If you want to provide a patch I'd be happy to consider it.

Cheers,
 -Brian

On May 24, 2012, at 5:11 AM, Elbandi wrote:

> Oh, I forgot to watch trunk :(
>
> But I got two remarks:
> Trunk code reads the config file, builds an array, and parses it with command_line_parser, while my patch uses Boost's own parse_config_file call. And this method is called with different configuration options: "help", "version", "config-file" and the hidden options exist only in the command-line options. (Why would anyone put "help" or "check-args" in a config file? :D )
>
> Elbandi

Clint Byrum (clint-fewbar) wrote :

--config-file fixed this bug and is available in at least as far back as 1.0.4

Changed in gearmand:
status: New → Fix Released
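
An added example, not part of the original report or of Gearman's code: on Linux, a process's arguments are readable by other local users through /proc/<pid>/cmdline by default, which is why credentials passed as options are exposed while a path given to --config-file is not. The audit below flags credential-like options without printing their values; the option-name pattern and the sample option names are assumptions of this example.

```python
import os
import re

# Option names that suggest a credential; this pattern is an assumption of the example.
SENSITIVE = re.compile(r"passw(or)?d|secret|token|api[-_]?key", re.IGNORECASE)


def find_sensitive_args(cmdline):
    """Return the names of options in a NUL-separated /proc/<pid>/cmdline
    buffer that carry a credential-like value. Values are never returned."""
    argv = [a.decode("utf-8", "replace") for a in cmdline.split(b"\0") if a]
    hits = []
    for i, arg in enumerate(argv):
        if not arg.startswith("-"):
            continue
        name, sep, value = arg.partition("=")
        if not SENSITIVE.search(name):
            continue
        # "--opt=value" form, or "--opt value" where the next token is the value
        has_value = bool(value) if sep else (
            i + 1 < len(argv) and not argv[i + 1].startswith("-"))
        if has_value:
            hits.append(name)
    return hits


def audit_proc(proc_root="/proc"):
    """Scan every readable process under proc_root; map pid -> flagged options."""
    findings = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                hits = find_sensitive_args(fh.read())
        except OSError:  # process exited, or access denied
            continue
        if hits:
            findings[int(entry)] = hits
    return findings


# Constructed samples: the --queue-* option names are hypothetical, not gearmand's.
EXPOSED = b"gearmand\0--queue-user=worker\0--queue-password=s3cr3t\0"
FIXED = b"gearmand\0--config-file\0/etc/gearmand.conf\0"

if __name__ == "__main__":
    print(find_sensitive_args(EXPOSED), find_sensitive_args(FIXED))
    print(audit_proc() if os.path.isdir("/proc") else "no /proc on this host")
```

Moving the options into a file only helps if the file itself is readable solely by the service account.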