[PATCH 1/2] s3fs-popt: Add function to burn the commandline password.

Jeremy Allison jra at samba.org
Mon Nov 5 10:02:49 MST 2012


On Mon, Nov 05, 2012 at 08:02:47AM +0100, Michael Adam wrote:
> Hi Andreas,
> 
> I agree with Andrew: the patch certainly does not harm, but
> it might create a false sense of safety for specifying passwords
> on the command line. We should not recommend that for production use.
> So I am not quite certain what the patch is supposed to achieve.
> Could you explain?

Just to chip in, as I'm reviewing this - this is not a security
patch, it's a modification to move to better practices around
password exposure. It's simply better practice to avoid showing
a password in the process command line if you can avoid it.

Sure it's still available as the process is starting up, so
it's not a fixable race, it's just .. tidier (IMHO :-).

Comparing it to the user name on the command line isn't really
the same issue, user names are nowhere near as sensitive as
passwords. Just because we can't make something completely
secure doesn't mean we shouldn't try and make it a little
better.

So I'm planning to push it unless there are really serious
objections - I don't think this is a start of trying to
remove all races in this area - I'm guessing it's a
policy thing (try and reduce exposure of passwords
as much as possible).

I'll wait until I get back on Wed before pushing to give
people time if they really want to object but this doesn't
seem a big deal to me.

Jeremy.
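The kind of in-place argv overwrite this thread is discussing, as an added example that is not part of the original message and is not the code from the patch under review. The function name `burn_cmdline_password` and the option spellings it handles (`-U user%password`, `--user=`, `--password=`) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Overwrite a string in place with NUL bytes. The volatile pointer keeps
 * the compiler from discarding the stores as dead writes. */
static void wipe(char *p)
{
    volatile char *v = p;
    while (*v) *v++ = '\0';
}

/* For a "user%password" value, wipe from the '%' to the end of the string.
 * Returns 1 if a password was present, 0 otherwise. */
static int burn_user_value(char *val)
{
    char *pct = strchr(val, '%');
    if (pct == NULL) return 0;
    wipe(pct);
    return 1;
}

/* Hypothetical helper: scrub passwords from argv after option parsing has
 * copied them elsewhere. Returns the number of arguments scrubbed.
 * The secret is still readable between exec and this call, so this only
 * shortens the window in which process listings show it. */
int burn_cmdline_password(int argc, char **argv)
{
    int burned = 0;
    for (int i = 1; i < argc && argv[i] != NULL; i++) {
        char *a = argv[i];
        if (strncmp(a, "--password=", 11) == 0) {
            if (a[11] != '\0') { wipe(a + 11); burned++; }
        } else if (strncmp(a, "--user=", 7) == 0) {
            burned += burn_user_value(a + 7);
        } else if (strcmp(a, "-U") == 0 || strcmp(a, "--user") == 0) {
            /* value is the next argument */
            if (i + 1 < argc && argv[i + 1] != NULL)
                burned += burn_user_value(argv[++i]);
        } else if (strncmp(a, "-U", 2) == 0) {
            burned += burn_user_value(a + 2);   /* -Uuser%password */
        }
    }
    return burned;
}

int main(int argc, char **argv)
{
    /* A real program would parse and copy the credentials before this. */
    printf("scrubbed %d argument(s)\n", burn_cmdline_password(argc, argv));
    return 0;
}
```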


More information about the samba-technical mailing list