Re: Is Bug#139359 really a bug ?
On Fri, Mar 22, 2002 at 10:50:24AM +0100, Jean-Michel Kelbert wrote:
> I received this (1) bug report yesterday. It is really easy to fix : I
> should only comment one line of code :
>
> kdDebug (7199) << "Command : " << command << endl;
That doesn't fix the security problem.
> However this line is for debuging. So I ask me if it is neccessary to
> consider this as a bug, and to fix it. I agree that it should be
> consider like a security failure, however, when you use smbmount in
> console you can write your password. And this isn't consider like a bug
You should pass the password to smbmount using the PASSWD environment
variable. The command line of any process can be read from /proc by
any random user. The environment variables can only be read by the
owner.
Reply to: