[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debconf best practices: how to ask for a password?

Francois Marier wrote:
> Now the problem (see bug #462658) is that if you ever put a non-empty
> password there, then, you can no longer get rid of it after
> dpkg-reconfiguring the package.  debconf seems to be ignoring empty password
> fields and still returns the previous value.

This is a deficiency in debconf's UIs for prompting for password. Since
there's generally no sane way to display the old password as the default
and allow users to change it or delete the password entirely, debconf
instead displays no password, and if the user enters nothing, assumes
they meant to enter the old password unchanged.

I think that the best approach is to clear your password value out of
debconf's database after it has prompted for the password, to avoid
storing a copy of the password there, and to avoid re-asking for the
password if one is configured in the file.

BTW, your package's postinst writes the password to $CONFIG_FILE before
running chmod 600 $CONFIG_FILE, which is a small security hole. Your
package also seems to use debconf as a registry -- when upgraded or
dpkg-reconfigured it ignores the content of the config file and replaces
it with the values from the debconf database.

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: