ecryptfs team mailing list archive

[Bug 295511] Re: insecure passing of passwords on the command line

 

*** This bug is a duplicate of bug 287908 ***
    https://bugs.launchpad.net/bugs/287908

** This bug has been marked a duplicate of bug 287908
   ecryptfs-setup-private potentially exposes passwords in the process table

-- 
insecure passing of passwords on the command line
https://bugs.launchpad.net/bugs/295511
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu (via bug 287908).

Status in eCryptfs - Enterprise Cryptographic Filesystem: New

Bug description:
Passing the mount password and login password on the command line is insecure on systems where this is viewable with ps. This is done in at least ecryptfs-setup-private, and required by at least ecryptfs-wrap-passphrase and ecryptfs-add-passphrase. Accepting the password on standard input is normally preferred.

Originally from http://sourceforge.net/tracker/index.php?func=detail&aid=2125165&group_id=133988&atid=728799
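
An added illustration of the exposure described in this bug (not code from ecryptfs-utils or from the bug report): on Linux a process's argument vector can be read from /proc/<pid>/cmdline, the same source ps uses, while a secret written to the process's standard input does not appear there. The passphrase and the child scripts are constructed for the example; it assumes Linux with /proc mounted.

```python
import subprocess
import sys
import time

SECRET = "constructed-passphrase-123"  # constructed sample value, not a real secret

# Constructed child programs: one receives the secret as an argument,
# the other reads it from standard input. Both then idle so they can be inspected.
CHILD_ARGV = "import time; time.sleep(5)"
CHILD_STDIN = "import sys, time; p = sys.stdin.readline(); time.sleep(5)"


def visible_cmdline(pid):
    """Return the argument vector of `pid` as exposed in the process table."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return f.read().split(b"\0")


def secret_exposed(pass_on_argv):
    """Start a child holding SECRET and report whether the process table shows it."""
    if pass_on_argv:
        proc = subprocess.Popen([sys.executable, "-c", CHILD_ARGV, SECRET])
    else:
        proc = subprocess.Popen([sys.executable, "-c", CHILD_STDIN],
                                stdin=subprocess.PIPE)
        proc.stdin.write((SECRET + "\n").encode())
        proc.stdin.close()
    try:
        time.sleep(0.2)  # let the child settle before inspecting it
        return SECRET.encode() in visible_cmdline(proc.pid)
    finally:
        proc.kill()
        proc.wait()


if __name__ == "__main__":
    print("secret on command line, visible in process table:", secret_exposed(True))
    print("secret on standard input, visible in process table:", secret_exposed(False))
```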