[PATCH 0/4] Burn commandline password of client utils.

Andreas Schneider asn at samba.org
Mon Oct 29 14:12:12 MDT 2012


We support specifying a password on the commandline with the -U option. If
you use this feature then it is possible to see the password in the 'ps aux'
output. The following patchset cleans up the client popt handling and adds a
function which removes the password from the commandline after arguments have
been processed. This still has a flaw because between the execution start and the
burning of the password you can still get it. But as the time between start and
burning is pretty low it is unlikely.

However if you enter an interactive session the password is shown for several
seconds or minutes.

The password is completely removed, so if someone changes the code and the
function will be called too early the client utils will ask for the password.

The following patches will arrive after this mail:

[PATCH 1/4] s3fs-net: Use talloc for memory allocation.
[PATCH 2/4] s3fs-utils: Free the popt context in smbcacls and
[PATCH 3/4] s3fs-popt: Add function to burn the commandline
[PATCH 4/4] s3fs-client: Burn commandline password of client utils.
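
The in-place overwrite described in this mail, as an added example that is not part of the original message or of the Samba patches. The function names and the `user%password` form of the `-U` value are assumptions of the example; it handles both `-Uvalue` and `-U value`.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not Samba's code. Assumes -U takes "user%password". */

/* Zero everything from '%' to the end of the string; return bytes wiped. */
static size_t wipe_after_percent(char *value)
{
    char *sep = strchr(value, '%');
    volatile char *p = sep;   /* volatile: the stores must not be optimised away */
    size_t n, i;

    if (sep == NULL)
        return 0;
    n = strlen(sep);
    for (i = 0; i < n; i++)
        p[i] = '\0';
    return n;
}

/* Overwrite the password of every -U argument inside the argv memory itself.
 * On Linux, ps reads that memory through /proc/<pid>/cmdline, so the
 * password stops being visible once this has run. Returns the number of
 * arguments that contained a password. Call it only after option parsing
 * has copied the password, otherwise the client has nothing left to use. */
int burn_cmdline_password(int argc, char *argv[])
{
    int burned = 0;
    int i;

    for (i = 1; i < argc && argv[i] != NULL; i++) {
        char *value = NULL;

        if (strcmp(argv[i], "--") == 0)
            break;                          /* end of options */
        if (strcmp(argv[i], "-U") == 0) {
            if (i + 1 < argc && argv[i + 1] != NULL)
                value = argv[++i];          /* detached form: -U user%pass */
        } else if (strncmp(argv[i], "-U", 2) == 0) {
            value = argv[i] + 2;            /* attached form: -Uuser%pass */
        }
        if (value != NULL && wipe_after_percent(value) > 0)
            burned++;
    }
    return burned;
}

int main(int argc, char *argv[])
{
    printf("burned %d argument(s)\n", burn_cmdline_password(argc, argv));
    return 0;
}
```

The window between process start and the call remains, as the mail notes; the example only shortens how long the password stays readable.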


