Bug 469589

Summary: SECURITY: testsaslauthd requires plaintext password on command line
Product: Fedora
Reporter: D. Wagner <daw-redhatbugzilla>
Component: cyrus-sasl
Assignee: Tomas Mraz <tmraz>
Status: CLOSED UPSTREAM
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 9
CC: tmraz
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-11-03 08:31:52 UTC

Description D. Wagner 2008-11-02 22:44:54 UTC
Description of problem:

/usr/sbin/testsaslauthd requires the password to be specified on the command line with the -p flag in plaintext.  There is no provision to provide a password via any other mechanism.

This is a security vulnerability (testsaslauthd is "insecure by design").  Command-line arguments are visible to other users in 'ps'.  They are also recorded in .history files, so they will be stored to disk and may persist for an unpredictable amount of time.

You may be tempted to think that this doesn't matter because testsaslauthd is just for testing.  But it is a violation of my security policy to EVER type my password in a place that could cause it to be visible to others or stored in plaintext on my hard disk.  As a result testsaslauthd is not usable by those who must follow similar policies.

Suggestion: Provide a way to specify the password on stdin.


Version-Release number of selected component (if applicable):

# rpm -q -f /usr/sbin/testsaslauthd
cyrus-sasl-2.1.22-15.fc9.x86_64


How reproducible:

This functionality is part of the design of testsaslauthd so is 100% reproducible.


This is a security-related defect but there is no reason to keep it confidential, as the security vulnerability is obvious to anyone who uses the program or reads the manual page.
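To show what the suggested stdin path looks like next to the -p fallback, here is an added example in C written for this page; it is not cyrus-sasl's code and not the upstream fix. The function names and the hand-rolled scan for -p are assumptions for the illustration (a real tool would use getopt).

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Zero a secret in place (volatile so the stores are not optimised away).
 * Zeroing an argv slot blanks it in /proc/<pid>/cmdline, which is what ps shows. */
void scrub_secret(char *s)
{
    volatile char *p = (volatile char *)s;
    while (*p) *p++ = '\0';
}

/* Read one line into buf (newline stripped); echo is off if `in` is a terminal.
 * Returns the password length, or -1 on EOF/error. */
ssize_t read_password_from(FILE *in, char *buf, size_t bufsz)
{
    struct termios saved;
    int fd = fileno(in), restore = 0;
    if (fd >= 0 && isatty(fd) && tcgetattr(fd, &saved) == 0) {
        struct termios noecho = saved; noecho.c_lflag &= ~(tcflag_t)ECHO;
        restore = (tcsetattr(fd, TCSAFLUSH, &noecho) == 0);
    }
    char *line = fgets(buf, (int)bufsz, in);
    if (restore) { tcsetattr(fd, TCSAFLUSH, &saved); fputc('\n', stderr); }
    if (!line) return -1;
    buf[strcspn(buf, "\r\n")] = '\0';
    return (ssize_t)strlen(buf);
}

/* Prefer reading from `in` (stdin in main) so nothing reaches ps or shell history.
 * A -p value is copied then scrubbed from argv: narrows the ps window, not history. */
int get_password(int argc, char **argv, FILE *in, char *buf, size_t bufsz)
{
    for (int i = 1; i + 1 < argc; i++) {
        if (strcmp(argv[i], "-p") == 0) {
            snprintf(buf, bufsz, "%s", argv[i + 1]);
            scrub_secret(argv[i + 1]);
            return 0;
        }
    }
    return (in && read_password_from(in, buf, bufsz) >= 0) ? 0 : -1;
}

int main(int argc, char **argv)
{
    char pw[256] = "";
    int ok = get_password(argc, argv, stdin, pw, sizeof pw) == 0;
    scrub_secret(pw);              /* the real tool would hand pw to saslauthd first */
    return ok ? 0 : 1;
}
```

Run as `./a.out -u alice < pwfile` (or interactively, where echo is switched off) the password never enters argv; -p is kept only as the scrubbed fallback.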

Comment 1 Tomas Mraz 2008-11-03 08:32:17 UTC
Upstream bug https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3116