Re: Handling of raw passwords, quoting, escaping

To: debian-edu@lists.debian.org
Subject: Re: Handling of raw passwords, quoting, escaping
From: Petter Reinholdtsen <pere@hungry.com>
Date: Mon, 26 Mar 2012 22:38:42 +0200
Message-id: <[🔎] 20120326203842.GG7571@login1.uio.no>
In-reply-to: <[🔎] 4F70CCAE.6040702@pyro.eu.org>
References: <[🔎] 4F70CCAE.6040702@pyro.eu.org>

[Steven Chamberlain]
> And I worry there may be other issues, including:
> 
> * gosa-sync uses the raw passwords as processes arguments, which on a
> multi-user system means others (users or services) to read them via
> /proc or utilities like 'top', 'ps' or 'w'

gosa-sync is carefully constructed to never use the password as
process argument.  It is only available in the environment passed from
GOSA, a inline text string and in a temp file.

> * would reportbug accidentally disclose the raw passwords from debconf?

The clear text passwords are removed from debconf at the end of the
installation, so this should not happen if the installation is
successful.  See ldap-debian-edu-install for the code clearing the
passwords.

> * hashing of the root user's password in /etc/shadow is ineffective
> if the raw password can be obtained from debconf.

Which can't be done if the installation succeeded.

I agree that the password handling have been bad, but it isn't quite
as bad as you worry about. :)
- 
Happy hacking
Petter Reinholdtsen

Reply to:

Follow-Ups:
- Re: Handling of raw passwords, quoting, escaping
  - From: Steven Chamberlain <steven@pyro.eu.org>

References:
- Handling of raw passwords, quoting, escaping
  - From: Steven Chamberlain <steven@pyro.eu.org>

Prev by Date: Handling of raw passwords, quoting, escaping
Next by Date: Re: Handling of raw passwords, quoting, escaping
Previous by thread: Handling of raw passwords, quoting, escaping
Next by thread: Re: Handling of raw passwords, quoting, escaping
Index(es):
- Date
- Thread