Bug#778924: ITP: linssid -- graphical wireless scanner
Hi,
Joao Eriberto Mota Filho <eriberto@debian.org> writes:
> Package: wnpp
> Severity: wishlist
> Owner: Joao Eriberto Mota Filho <eriberto@debian.org>
>
> * Package name : linssid
> Version : 2.7
> Upstream Author : Warren Severin <wseverin@warsev.com>
> * URL : https://sf.net/projects/linssid
I took a brief look at the source code and noticed that it leaks user's
password in the process list:
void MainForm::addInterfaces() {
...
commandLine = "echo \'" + password + "\' | sudo -kS -p \"\" " + commandLine;
...
if (system(commandLine.c_str()) == 0) {
-Timo
Reply to: