adtool displays password in proc title
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
adtool (Debian) |
Fix Released
|
Undecided
|
Jonathan Wiltshire | ||
adtool (Ubuntu) |
Fix Released
|
Undecided
|
Jonathan Wiltshire |
Bug Description
Binary package hint: adtool
ps -efa shows all arguments supplied for adtool. As one can also supply the password for the Active Directory on the command line, this password is also displayed. Obviously, it should not be displayed. The attached patch changes that.
Unfortunately, this patch only replaces the password characters with NULL without changing argv[] properly. This means that ps -efa displays so many NULLs equal to the length of your password. If someone knows how to solve that in a sane way, please update the patch.
I tried to reach the author via the email specified in AUTHORS and got a mail bounce back.
This issue should be fixed in upstream, but I do not know who is responsible for upstream.
Changed in adtool: | |
status: | New → Triaged |
Changed in adtool (Debian): | |
assignee: | nobody → Jonathan Wiltshire (debian-jwiltshire) |
status: | New → In Progress |
Changed in adtool (Ubuntu): | |
assignee: | nobody → Jonathan Wiltshire (debian-jwiltshire) |
status: | Triaged → In Progress |
Changed in adtool (Ubuntu): | |
status: | In Progress → Fix Released |
Changed in adtool (Debian): | |
status: | In Progress → Fix Released |
Steve, I've subscribed you since you're the most recent uploader of adtool. This looks like a solvable problem, but probably done in a way so that the argument isn't on the command-line at all.