Re: Handling of raw passwords, quoting, escaping
> And I worry there may be other issues, including:
> * gosa-sync uses the raw passwords as processes arguments, which on a
> multi-user system means others (users or services) to read them via
> /proc or utilities like 'top', 'ps' or 'w'
gosa-sync is carefully constructed to never use the password as
process argument. It is only available in the environment passed from
GOSA, a inline text string and in a temp file.
> * would reportbug accidentally disclose the raw passwords from debconf?
The clear text passwords are removed from debconf at the end of the
installation, so this should not happen if the installation is
successful. See ldap-debian-edu-install for the code clearing the
> * hashing of the root user's password in /etc/shadow is ineffective
> if the raw password can be obtained from debconf.
Which can't be done if the installation succeeded.
I agree that the password handling have been bad, but it isn't quite
as bad as you worry about. :)