Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp

duplicity-talk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp

From:	Evan Jeffrey
Subject:	Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes
Date:	Thu, 28 Jan 2010 17:41:25 +0100
User-agent:	Thunderbird 2.0.0.23 (X11/20090817)

If you memset the argv area, it changes the parameters displayed by ps,at least. I don't know if that information is available anywhere else.In any case, it isn't really a great solution. There is still a windowof availability, and it isn't exactly hard to exploit if duplicity isinvoked from cron at a known time.


Evan


Kenneth Loafman wrote:

address@hidden wrote:

But what about the others? .. ede


All of the protocols except S3 should take the password from the
environment variable FTP_PASSWORD, however, if the user specifies it in
the URL, I don't know a way to obscure it from ps and friends.

...Ken

------------------------------------------------------------------------


_______________________________________________
Duplicity-talk mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/duplicity-talk

[Prev in Thread]

Current Thread

[Next in Thread]

[Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, edgar . soldin, 2010/01/04
- Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, Tim Riemenschneider, 2010/01/04
  - Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, edgar . soldin, 2010/01/04
    - Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, Kenneth Loafman, 2010/01/04
    - Re: [Duplicity-talk] duply shows sensitive data in process listing, edgar . soldin, 2010/01/05
    - Re: [Duplicity-talk] duply shows sensitive data in process listing, Kenneth Loafman, 2010/01/05
    - Re: [Duplicity-talk] duply shows sensitive data in process listing, Scott Hannahs, 2010/01/05
    - Re: [Duplicity-talk] duply shows sensitive data in process listing, edgar . soldin, 2010/01/06
    - Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, Evan Jeffrey <=
    - Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, edgar . soldin, 2010/01/28

Prev by Date: Re: [Duplicity-talk] the big 'picture' --or-- how to keep just one revision.
Next by Date: Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes
Previous by thread: Re: [Duplicity-talk] duply shows sensitive data in process listing
Next by thread: Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes
Index(es):
- Date
- Thread