Bug 54580

Summary: FTP install - IOError messages leak the password.
Product: [Retired] Red Hat Linux Reporter: Aleksey Nogin <aleksey>
Component: anacondaAssignee: Jeremy Katz <katzj>
Status: CLOSED DEFERRED QA Contact: Brock Organ <borgan>
Severity: medium Docs Contact:
Priority: low    
Version: 7.3CC: katzj, teg
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 18:48:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Aleksey Nogin 2001-10-12 21:46:28 UTC 
When doing an FTP install of Enigma I noticed that anaconda was printing
IOError messages from time to time (in the syslog console) and those
messages contained the complete URL of the package which included the
(slightly obscured) password. I would consider this a pretty minor problem,
but still...
Comment 1 Jeremy Katz 2001-11-26 22:14:56 UTC 
We just use the stock ftplib.py from python... Trond?
Comment 2 Trond Eivind Glomsrxd 2001-12-06 16:48:37 UTC 
Does the development installer (with the new python) show it as well? Also,
wouldn't the best way to handle that be within the installer? (catch the
exception) It's a very useful debugging tool, so I don't think we should change
the default behaviour.
Comment 3 Michael Fulbright 2002-03-26 17:45:27 UTC 
Deferring to future release.
Comment 4 Red Hat Bugzilla 2006-02-21 18:48:10 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.