Bug#778924: ITP: linssid -- graphical wireless scanner
Hi Timo,
Thanks a lot for your message and tip.
I did a patch to force the program runs as root only and ignore the
internal sudo commands. In manpage (created by me) , I explained how
to use gksudo to run the program. The icon on desktop menu uses gksudo
too. You can see the current packaging here[1].
[1] http://anonscm.debian.org/cgit/collab-maint/linssid.git
I will discuss with the upstream about the problem. Do you have any
idea to improve the program?
The package is NEW and I uploaded to 2-day delay queue to wait
possible new issues from you.
Have a good night!
Cheers,
Eriberto
2015-02-22 11:57 GMT-03:00 Timo Juhani Lindfors <timo.lindfors@iki.fi>:
> Hi,
>
> Joao Eriberto Mota Filho <eriberto@debian.org> writes:
>> Package: wnpp
>> Severity: wishlist
>> Owner: Joao Eriberto Mota Filho <eriberto@debian.org>
>>
>> * Package name : linssid
>> Version : 2.7
>> Upstream Author : Warren Severin <wseverin@warsev.com>
>> * URL : https://sf.net/projects/linssid
>
> I took a brief look at the source code and noticed that it leaks user's
> password in the process list:
>
> void MainForm::addInterfaces() {
> ...
> commandLine = "echo \'" + password + "\' | sudo -kS -p \"\" " + commandLine;
> ...
> if (system(commandLine.c_str()) == 0) {
>
>
> -Timo
Reply to: