[PATCH 1/2] s3fs-popt: Add function to burn the commandline password.
Andreas Schneider
asn at samba.org
Fri Nov 9 02:06:19 MST 2012
On Thursday 08 November 2012 12:55:32 you wrote:
> On Thu, Nov 08, 2012 at 09:43:51PM +0100, Jelmer Vernooij wrote:
> > Hi Andreas, Jeremy,
> >
> > On Tue, 2012-11-06 at 09:27 +0100, Andreas Schneider wrote:
> > > Signed-off-by: Andreas Schneider <asn at samba.org>
> > > ---
> > >
> > > source3/include/popt_common.h | 1 +
> > > source3/lib/popt_common.c | 47
> > > +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 48
> > > insertions(+)
> > >
> > > diff --git a/source3/include/popt_common.h
> > > b/source3/include/popt_common.h
> > > index 2125ed6..5266f36 100644
> > > --- a/source3/include/popt_common.h
> > > +++ b/source3/include/popt_common.h
> > > @@ -49,5 +49,6 @@ extern const struct poptOption
> > > popt_common_dynconfig[];
> > >
> > > #define POPT_COMMON_OPTION { NULL, 0, POPT_ARG_INCLUDE_TABLE,
> > > popt_common_option, 0, "Common samba commandline config:", NULL },
> > >
> > > void popt_common_set_auth_info(struct user_auth_info *auth_info);
> > >
> > > +void popt_burn_cmdline_password(int argc, char *argv[]);
> >
> > Looking at this code again, I'm not sure I understand what this does
> > exactly.
> >
> > Right after parsing the username with included password, we already take
> > care of erasing the password in memory in argv (see
> > source3/lib/popt_common.c:555). What this do exactly that isn't covered
> > by that code? Am I misunderstanding the current code?
>
> I wasn't aware of that code in source3/lib/popt_common.c:555.
The code works on puser which is a duplicated memory:
545 »·······»·······»·······char *puser = SMB_STRDUP(arg);
> It does look like it's doing something similar.
It burns the password in memory before freeing puser.
> Andreas, can you check if this has the same effect (I just
> checked that the password part of the argv was erased by
> the patch, I didn't check if it was already being done
> somewhere else :-).
It is something different.
-- andreas
--
Andreas Schneider GPG-ID: F33E3FC6
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list