Re: Gosa risking passwords being logged by sudo (Was: Is LWAT completely broken in Squeeze?)

To: debian-edu@lists.debian.org
Subject: Re: Gosa risking passwords being logged by sudo (Was: Is LWAT completely broken in Squeeze?)
From: "Andreas B. Mundt" <andi.mundt@web.de>
Date: Thu, 2 Sep 2010 08:51:05 +0200
Message-id: <[🔎] 20100902065105.GA3711@siddhartha.sunshine>
In-reply-to: <20100824062426.GE28089@login1.uio.no>
References: <20100719192727.GB6444@login2.uio.no> <4C5698E5.9020307@bzz.no> <201008131312.07622.holger@layer-acht.org> <4C72A512.40206@bzz.no> <20100824002622.GA4862@siddhartha.sunshine> <4C7361AC.7070201@bzz.no> <20100824062426.GE28089@login1.uio.no>

Hi,

On Tue, Aug 24, 2010 at 08:24:26AM +0200, Petter Reinholdtsen wrote:
>
> The fix for this is to change gosa and the hooks to pass the passwords
> in the environment or using stdin, to make sure the password is not
> visible in the process list nor logged by sudo.
> 

The suggested fix is in GOsa upstream now:
<URL:https://oss.gonicus.de/labs/gosa/ticket/1026> 

Regards, 
	 Andi

Reply to:

Prev by Date: Your Bugzilla buglist needs attention.
Next by Date: Ready for alpha1, release notes need to be written first
Previous by thread: debian-edu-config_1.443~svn69048_i386.changes ACCEPTED
Next by thread: Ready for alpha1, release notes need to be written first
Index(es):
- Date
- Thread