[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is Bug#139359 really a bug ?

On Fri, Mar 22, 2002 at 10:50:24AM +0100, Jean-Michel Kelbert wrote:
> I received this (1) bug report yesterday. It is really easy to fix : I
> should only comment one line of code :
> kdDebug (7199) << "Command : " << command << endl;

That doesn't fix the security problem.
> However this line is for debuging.  So I ask me if it is neccessary to
> consider this as a bug, and to fix it. I agree that it should be
> consider like a security failure, however, when you use smbmount in
> console you can write your password. And this isn't consider like a bug

You should pass the password to smbmount using the PASSWD environment
variable.  The command line of any process can be read from /proc by
any random user.  The environment variables can only be read by the

Reply to: