[PATCH 1/2] s3fs-popt: Add function to burn the commandline password.

Jeremy Allison jra at samba.org
Mon Nov 5 13:20:42 MST 2012

On Tue, Nov 06, 2012 at 07:00:30AM +1100, Andrew Bartlett wrote:
> You miss my point.  -U is covered, but the same behaviour
> (--user=abartlet%password) isn't. 

That's an additional cleanup, if someone wants to do it.

> > So I'm planning to push it unless there are really serious
> > objections - I don't think this is a start of trying to
> > remove all races in this area - I'm guessing it's a
> > policy thing (try and reduce exposure of passwords
> > as much as possible).
> > 
> > I'll wait until I get back on Wed before pushing to give
> > people time if they really want to object but this doesn't
> > seem a big deal to me.
> So, my point is that once we start on this, we create a rod for our own
> back.  

Not so. This isn't a security fix, merely a code clean-up.
Our code is clearly better with this change in place, so
that's enough for me.


More information about the samba-technical mailing list