[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Duplicity-tracker] [bug #22049] Enhancement: use the .netrc of current

From: anonymous
Subject: [Duplicity-tracker] [bug #22049] Enhancement: use the .netrc of current user to access FTP authentication
Date: Fri, 18 Jan 2008 17:26:38 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20071126 Ubuntu/dapper-security Firefox/


                 Summary: Enhancement: use the .netrc of current user to
access FTP authentication
                 Project: duplicity
            Submitted by: None
            Submitted on: Friday 01/18/2008 at 17:26 UTC
                Category: None
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any



Passing the FTP authentication via environment variable potentially reveals
the password to local users, if the environment is visible in the process
list. An alternative to the environment variable would be to pass the
authentication information with an external file that has properly restrictive
permissions set.

The standard location for FTP authentication data is the .netrc file in users
home directory. This is easily accessible, because there is already a module
for parsing that file.

Attached to this submission is a preliminary patch outlining the basic
procedure. It does not do any error checking when the netrc parser fails, and
it overrides any user-submitted authentication with the netrc information if
found. For unattended backups it works quite well though.


File Attachments:

Date: Friday 01/18/2008 at 17:26 UTC  Name: duplicity.patch  Size: 1kB   By:
Incomplete patch against 0.4.1


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]