ecryptfs team mailing list archive
-
ecryptfs team
-
Mailing list archive
-
Message #00260
[Bug 295511] Re: insecure passing of passwords on the command line
*** This bug is a duplicate of bug 287908 ***
https://bugs.launchpad.net/bugs/287908
** This bug has been marked a duplicate of bug 287908
ecryptfs-setup-private potentially exposes passwords in the process table
--
insecure passing of passwords on the command line
https://bugs.launchpad.net/bugs/295511
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu (via bug 287908).
Status in eCryptfs - Enterprise Cryptographic Filesystem: New
Bug description:
Passing the mount password and login password on the command line is insecure on systems were this is viewable with ps. This is done in at least ecryptfs-setup-private, and required by at least ecryptfs-wrap-passphrase and ecryptfs-add-passphrase. Accepting the password on standard input is normally preferred.
Originally from http://sourceforge.net/tracker/index.php?func=detail&aid=2125165&group_id=133988&atid=728799