[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#778924: ITP: linssid -- graphical wireless scanner

Hi Timo,

Thanks a lot for your message and tip.

I did a patch to force the program runs as root only and ignore the
internal sudo commands. In manpage (created by me) , I explained how
to use gksudo to run the program. The icon on desktop menu uses gksudo
too. You can see the current packaging here[1].

[1] http://anonscm.debian.org/cgit/collab-maint/linssid.git

I will discuss with the upstream about the problem. Do you have any
idea to improve the program?

The package is NEW and I uploaded to 2-day delay queue to wait
possible new issues from you.

Have a good night!

Cheers,

Eriberto

2015-02-22 11:57 GMT-03:00 Timo Juhani Lindfors <timo.lindfors@iki.fi>:
> Hi,
>
> Joao Eriberto Mota Filho <eriberto@debian.org> writes:
>> Package: wnpp
>> Severity: wishlist
>> Owner: Joao Eriberto Mota Filho <eriberto@debian.org>
>>
>> * Package name    : linssid
>>   Version         : 2.7
>>   Upstream Author : Warren Severin <wseverin@warsev.com>
>> * URL             : https://sf.net/projects/linssid
>
> I took a brief look at the source code and noticed that it leaks user's
> password in the process list:
>
> void MainForm::addInterfaces() {
> ...
> commandLine = "echo \'" + password + "\' | sudo -kS -p \"\" " + commandLine;
> ...
> if (system(commandLine.c_str()) == 0) {
>
>
> -Timo
Reply to: