[PATCH 1/2] s3fs-popt: Add function to burn the commandline password.

Jeremy Allison jra at samba.org
Mon Nov 5 10:16:46 MST 2012


On Mon, Nov 05, 2012 at 12:08:34PM -0500, simo wrote:
> On Mon, 2012-11-05 at 09:02 -0800, Jeremy Allison wrote:
> > On Mon, Nov 05, 2012 at 08:02:47AM +0100, Michael Adam wrote:
> > > Hi Andreas,
> > > 
> > > I agree with Andrew: the patch certainly does not harm, but
> > > it might create a false sense of safety for specifying passwords
> > > on the command line. We should not recommend that for production use.
> > > So I am not quite certain what the patch is supposed to achieve.
> > > Could you explain?
> > 
> > Just to chip in, as I'm reviewing this - this is not a security
> > patch, it's a modification to move to better practices around
> > password exposure. It's simply better practice to avoid showing
> > a password in the process command line if you can avoid it.
> > 
> > Sure it's still available as the process is starting up, so
> > it's not a fixable race, it's just .. tidier (IMHO :-).
> > 
> > Comparing it to the user name on the command line isn't really
> > the same issue, user names are nowhere near as sensitive as
> > passwords. Just because we can't make something completely
> > secure doesn't mean we shouldn't try and make it a little
> > better.
> > 
> > So I'm planning to push it unless there are really serious
> > objections - I don't think this is a start of trying to
> > remove all races in this area - I'm guessing it's a
> > policy thing (try and reduce exposure of passwords
> > as much as possible).
> > 
> > I'll wait until I get back on Wed before pushing to give
> > people time if they really want to object but this doesn't
> > seem a big deal to me.
> 
> this is really more about avoiding accidental exposure if we can than
> anything else. It is not meant to make it secure to put passwords on the
> command line, that's never secure and never will be (and the password ends
> up in your shell history too ...)

Yep, that's pretty much what I thought.

My criteria for these things (when they're tidy-ups, not security
fixes) is "will our code be better with this patch in it ?" and the
answer to me clearly is yes.

Jeremy.
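
What scrubbing a command-line password looks like in C, as an added example that is not part of the thread and not the Samba patch under discussion. The function name and the option spellings it recognises (`-U user%pass`, `-Uuser%pass`, `--user=user%pass`, `--password=pass`) are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Zero a NUL-terminated string in place, keeping its original length. */
static void wipe(char *p)
{
    volatile char *v = p; /* volatile so the stores are not optimised away */
    size_t n = strlen(p);
    for (size_t i = 0; i < n; i++)
        v[i] = '\0';
}

/* Overwrite password material found in argv (hypothetical option set).
 * For user%pass forms the '%' and everything after it is zeroed, so the
 * user name stays visible. Returns the number of arguments scrubbed. */
int burn_cmdline_password(int argc, char **argv)
{
    int burned = 0;
    for (int i = 1; i < argc; i++) {
        char *a = argv[i], *secret = NULL;
        if (strcmp(a, "--") == 0)
            break;                       /* end of options */
        if (strncmp(a, "--password=", 11) == 0) {
            secret = a + 11;
        } else if (strncmp(a, "--user=", 7) == 0) {
            secret = strchr(a + 7, '%');
        } else if (strncmp(a, "-U", 2) == 0) {
            if (a[2] == '\0' && i + 1 < argc)
                a = argv[++i];           /* value is the next argument */
            else
                a += 2;                  /* value is glued to -U */
            secret = strchr(a, '%');
        }
        if (secret != NULL && *secret != '\0') {
            wipe(secret);
            burned++;
        }
    }
    return burned;
}

int main(int argc, char **argv)
{
    /* Call as early as possible: until this returns, the password is
     * still visible to anyone who can read the process command line. */
    int n = burn_cmdline_password(argc, argv);
    printf("scrubbed %d argument(s)\n", n);
    return 0;
}
```

On Linux the bytes are overwritten in place because the kernel reports a process's command line from that same argv memory. The password remains readable between exec and the call, which is the unfixable startup window the thread describes.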

