Bug 293091

Summary: Please erase the password in address space as soon as it is used
Product: [Fedora] Fedora
Reporter: Lubomir Kundrak <lkundrak>
Component: ncftp
Assignee: Matthias Saou <matthias>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: rawhide
CC: matthias
Hardware: All
OS: Linux
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442840
Doc Type: Bug Fix
Last Closed: 2007-09-25 08:37:23 UTC

Description Lubomir Kundrak 2007-09-17 12:05:01 UTC
The ncftp part: argv[] or anything else should not contain the plaintext
password any longer than is absolutely needful. Some programs just overwrite
the password with '*' characters or something similar, and it won't be pointless
here either.

+++ This bug was initially created as a clone of Bug #293081 +++

Description of problem:

When duplicity's FTP backend calls ncftp, it passes the password argument via
command line. That's bad -- anyone can see that. On the other side, it's a very
good practice to overwrite the password string in the address space after it's
used, though it can still be viewed under a time-dependent race condition,
that's why I am cloning this to ncftp also.

Additional info:

See URL for the Debian BTS entry [1] for more details.
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442840

Comment 1 Lubomir Kundrak 2007-09-17 12:06:19 UTC
If ncftp uses the password multiple times, please copy it away from argv[] and
overwrite the argv[] substring. Also, please modify the manual to emphasize that
passing the password via command line is unsafe.

Comment 2 Matthias Saou 2007-09-17 12:17:56 UTC
This is really not the best place for this kind of bug report: I am not the
upstream author, and this isn't a Fedora specific problem at all.

Please go through the official contact method to report the problem:
http://www.ncftp.com/contact/ncftp.html

I'll be more than happy to include an official patch or update to a new version
once the problem is fixed upstream.

Comment 3 Lubomir Kundrak 2007-09-17 15:21:12 UTC
I have a problem with a Fedora package, so I did report this to my upstream,
which is the Fedora project :)

I did no research on whether this is a Fedora specific problem and have no idea
whether upstream would accept the fix. I would say it's up to the maintainer.

Anyways, the problem seems simple, so if you don't feel like fixing it or
communicating it to the upstream, please don't close the bug, but reassign it to me.

Comment 4 Matthias Saou 2007-09-24 11:58:50 UTC
Reassigning to you, then.
I'll also drop a line to Mike Gleason (the author) about this.

Comment 5 Matthias Saou 2007-09-25 08:37:23 UTC
Got an answer from Mike :
"Perhaps he's using an older version; we already erase it as soon as possible:

                 case 'p':
                         (void) STRNCPY(gConn.pass, opt.arg);    /* Don't recommend doing this! */
                         memset(opt.arg, '*', strlen(opt.arg));
                         break;
"

Indeed, I just tried "ncftp -uftp -pftp ftp" and see :

27179 pts/1    S+     0:00 ncftp -u*** -p*** ftp

So closing as NOTABUG.
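
The copy-then-overwrite pattern requested in Comment 1 and visible in the quoted ncftp snippet, as an added stand-alone C example (not ncftp's code and not written by anyone in this bug). `take_password` and `wipe` are hypothetical helper names, and only the attached `-p<password>` form is handled.

```c
/* Added example; not ncftp source code. Helper names are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Zero a buffer through a volatile pointer so the compiler cannot drop the
 * stores as dead code once the buffer is no longer read. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Copy the value of an attached "-p<password>" option into dst, then
 * overwrite it in place with '*' (same length, so the NUL terminator and
 * the argv layout stay intact). Returns 0 if a password was taken, 1 if
 * none was given, -1 if it did not fit (argv is masked anyway, dst empty). */
static int take_password(int argc, char **argv, char *dst, size_t dstsz)
{
    int rc = 1;
    if (dstsz) dst[0] = '\0';
    for (int i = 1; i < argc; i++) {
        if (strncmp(argv[i], "-p", 2) != 0 || argv[i][2] == '\0')
            continue;
        char *val = argv[i] + 2;
        size_t len = strlen(val);
        if (len < dstsz) {
            memcpy(dst, val, len + 1);   /* private copy, including the NUL */
            rc = 0;
        } else {
            wipe(dst, dstsz);            /* never keep a truncated secret */
            rc = -1;
        }
        memset(val, '*', len);           /* mask what ps and /proc/<pid>/cmdline show */
    }
    return rc;
}

int main(int argc, char **argv)
{
    char pass[64];
    int rc = take_password(argc, argv, pass, sizeof pass);
    /* ... authenticate with pass here ... */
    wipe(pass, sizeof pass);  /* drop the private copy after use */
    for (int i = 0; i < argc; i++)
        puts(argv[i]);        /* the arguments as ps would now show them */
    return rc < 0;
}
```

The password is still readable in the process list between exec and the `memset`, which is the race the description mentions, so this shortens the exposure rather than removing it.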