[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Duplicity-talk] duply shows sensitive data in process listing / ftp pas
From: |
edgar . soldin |
Subject: |
[Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes |
Date: |
Mon, 04 Jan 2010 12:44:29 +0100 |
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0 |
Happy new year to all and everybody,
I just received the attached bug report and think that this is a general
issue on multiuser systems with duplicity. I also don't see a way to
solve it within duply for backends that do not accept environment vars
for login credentials (e.g. like ftp).
Any ideas?
Wasn't there a piece of code that was meant to obfuscate this data? See
http://lists.gnu.org/archive/html/duplicity-talk/2009-10/msg00050.html
But this probably only obfuscates log output.
By the way: Ken did you recognize these?
a) the one mentioned above
b) http://lists.gnu.org/archive/html/duplicity-talk/2009-12/msg00028.html
kind regards ...ede
-------- Original Message --------
Bugs item #2925105, was opened at 2010-01-03 03:02
Message generated for change (Tracker Item Submitted) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1041147&aid=2925105&group_id=217745
Please note that this message will contain a full copy of the comment
thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: duply shows sensitive data in process listing
Initial Comment:
duply shows sensitive data in process listing:
ps -ef | grep duply
root 2512 2511 0 03:20 pts/2 00:00:04 /usr/bin/python2.6
/usr/bin/duplicity --verbosity 4 --encrypt-key FD3846C2 --sign-key
FD3846C2 --gpg-options= --exclude-globbing-filelist
/root/.duply/bkp/exclude /backup/
ftp://<user>:<PASSWORT>@<backupserver>/backup
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1041147&aid=2925105&group_id=217745
- [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes,
edgar . soldin <=
- Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, Tim Riemenschneider, 2010/01/04
- Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, edgar . soldin, 2010/01/04
- Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, Kenneth Loafman, 2010/01/04
- Re: [Duplicity-talk] duply shows sensitive data in process listing, edgar . soldin, 2010/01/05
- Re: [Duplicity-talk] duply shows sensitive data in process listing, Kenneth Loafman, 2010/01/05
- Re: [Duplicity-talk] duply shows sensitive data in process listing, Scott Hannahs, 2010/01/05
- Re: [Duplicity-talk] duply shows sensitive data in process listing, edgar . soldin, 2010/01/06
- Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, Evan Jeffrey, 2010/01/28
- Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, edgar . soldin, 2010/01/28