Re: Gosa risking passwords being logged by sudo (Was: Is LWAT completely broken in Squeeze?)
- To: debian-edu@lists.debian.org
- Subject: Re: Gosa risking passwords being logged by sudo (Was: Is LWAT completely broken in Squeeze?)
- From: "Andreas B. Mundt" <andi.mundt@web.de>
- Date: Thu, 2 Sep 2010 08:51:05 +0200
- Message-id: <[🔎] 20100902065105.GA3711@siddhartha.sunshine>
- In-reply-to: <20100824062426.GE28089@login1.uio.no>
- References: <20100719192727.GB6444@login2.uio.no> <4C5698E5.9020307@bzz.no> <201008131312.07622.holger@layer-acht.org> <4C72A512.40206@bzz.no> <20100824002622.GA4862@siddhartha.sunshine> <4C7361AC.7070201@bzz.no> <20100824062426.GE28089@login1.uio.no>
Hi,
On Tue, Aug 24, 2010 at 08:24:26AM +0200, Petter Reinholdtsen wrote:
>
> The fix for this is to change gosa and the hooks to pass the passwords
> in the environment or using stdin, to make sure the password is not
> visible in the process list nor logged by sudo.
>
The suggested fix is in GOsa upstream now:
<URL:https://oss.gonicus.de/labs/gosa/ticket/1026>
Regards,
Andi
Reply to: