[Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes

[edgar . soldin]

Happy new year to all and everybody,

I just received the attached bug report and think that this is a general 
issue on multiuser systems with duplicity. I also don't see a way to 
solve it within duply for backends that do not accept environment vars 
for login credentials (e.g. like ftp).

Any ideas?
Wasn't there a piece of code that was meant to obfuscate this data? See
http://lists.gnu.org/archive/html/duplicity-talk/2009-10/msg00050.html
But this probably only obfuscates log output.

By the way: Ken did you recognize these?
a) the one mentioned above
b) http://lists.gnu.org/archive/html/duplicity-talk/2009-12/msg00028.html

kind regards ...ede

-------- Original Message --------


Bugs item #2925105, was opened at 2010-01-03 03:02
Message generated for change (Tracker Item Submitted) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1041147&aid=2925105&group_id=217745

Please note that this message will contain a full copy of the comment 
thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: duply shows sensitive data in process listing

Initial Comment:
duply shows sensitive data in process listing:

ps -ef | grep duply
root      2512  2511  0 03:20 pts/2    00:00:04 /usr/bin/python2.6 
/usr/bin/duplicity --verbosity 4 --encrypt-key FD3846C2 --sign-key 
FD3846C2 --gpg-options= --exclude-globbing-filelist 
/root/.duply/bkp/exclude /backup/ 
ftp://<user>:<PASSWORT>@<backupserver>/backup

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1041147&aid=2925105&group_id=217745