master key should *not* be provided on command line
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ekeyd (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
Binary package hint: ekeyd
From the ekey-rekey man page:
SYNOPSIS
ekey-rekey [ -d DeviceNode ] SerialNumber MasterKey
However, the "MasterKey" is a critical secret for this device and should never be disclosed. Providing it on the command line means it's potentially available in the process listing to other users of the system.
Furthermore, the above command needs to be run as root (normal users don't have sufficient rights). On Ubuntu this will normally be done via sudo. Any command executed with sudo is written to the system's log files. Thus, the "MasterKey" will quite likely be written to the system's log files. This is highly undesirable.
It would be far better for the "MasterKey" to be read from stdin or some other means than requiring that it be provided on the command line.
As this has the potential to disclose the "MasterKey" I'm tempted to classify this as a security issue. However, I'll leave that decision to others.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: ekeyd 1.1.1-1ubuntu1
Uname: Linux 2.6.35-
NonfreeKernelMo
Architecture: amd64
Date: Fri Aug 27 11:14:55 2010
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
ProcEnviron:
PATH=(custom, user)
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: ekeyd
I just verified that even when the command is not run directly through sudo, but after first switching to root (via "sudo su"), the "MasterKey" is written to root's ~/.bash_history since it is provided on the command line.
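
The process-listing exposure and the stdin alternative described in this report can be checked with the following added example, which is not part of the original report or of ekeyd. It assumes Linux with /proc; `demo-tool-<pid>` is a hypothetical stand-in child (ekey-rekey itself is not invoked) and the secret is a constructed placeholder.

```shell
#!/bin/sh
# Constructed placeholder, unique per run; not a real eKey master key.
DEMO_SECRET="CONSTRUCTED-DEMO-KEY-$$"
# Hypothetical stand-in for a tool that takes a secret; used as its argv[0].
TOOL="demo-tool-$$"
CHILD='IFS= read -r key; sleep 2; :'

# Wait until the child has exec'd (TOOL shows up in its argv), then report
# whether the secret is in /proc/<pid>/cmdline, the data `ps` shows to
# every local user by default.
inspect() {
    pid=$1 tries=0 args=
    while [ "$tries" -lt 50 ]; do
        args=$(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline") || args=
        case $args in *"$TOOL"*) break ;; esac
        tries=$((tries + 1)); sleep 0.1
    done
    kill "$pid" 2>/dev/null || true
    case $args in
        *"$DEMO_SECRET"*) echo exposed ;;
        *"$TOOL"*)        echo hidden ;;
        *)                echo unknown ;;   # child never seen: no verdict
    esac
}

# Secret as an argument, the shape of "ekey-rekey SerialNumber MasterKey".
run_with_argv() {
    sh -c "$CHILD" "$TOOL" SERIAL "$DEMO_SECRET" >/dev/null 2>&1 &
    inspect $!
}

# Same child, but the secret arrives on standard input (here-document),
# so it never becomes part of any process's argument vector.
run_with_stdin() {
    sh -c "$CHILD" "$TOOL" SERIAL >/dev/null 2>&1 <<EOF &
$DEMO_SECRET
EOF
    inspect $!
}

echo "secret in argv:  $(run_with_argv)"
echo "secret on stdin: $(run_with_stdin)"
```

The same argv string is what sudo logs and what the shell saves to its history file, so a secret read from stdin avoids all three disclosure paths named in the report.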