[PATCH 1/2] s3fs-popt: Add function to burn the commandline password.
Jeremy Allison
jra at samba.org
Mon Nov 5 13:20:42 MST 2012
On Tue, Nov 06, 2012 at 07:00:30AM +1100, Andrew Bartlett wrote:
>
> You miss my point. -U is covered, but the same behaviour
> (--user=abartlet%password) isn't.
That's an additional cleanup, if someone wants to do it.
> > So I'm planning to push it unless there are really serious
> > objections - I don't think this is a start of trying to
> > remove all races in this area - I'm guessing it's a
> > policy thing (try and reduce exposure of passwords
> > as much as possible).
> >
> > I'll wait until I get back on Wed before pushing to give
> > people time if they really want to object but this doesn't
> > seem a big deal to me.
>
> So, my point is that once we start on this, we create a rod for our own
> back.
Not so. This isn't a security fix, merely a code clean-up.
Our code is clearly better with this change in place, so
that's enough for me.
Jeremy.
More information about the samba-technical
mailing list