Bug 704297

Summary: rhn-channel can only take the password leaking it to "ps auxw" and storing it in .bash_history
Product: Red Hat Enterprise Linux 5
Reporter: Paul Wouters <pwouters>
Component: rhn-client-tools
Assignee: Milan Zázrivec <mzazrivec>
Status: CLOSED DUPLICATE
QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium
Priority: unspecified
Version: 5.5
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2011-05-13 07:05:35 UTC

Description Paul Wouters 2011-05-12 17:34:24 UTC
Description of problem:
One cannot use rhn-channel -p to get prompted for the password.
So anyone who can see ps output or get to root's bash_history can
grab the rhn-channel user/password.

Version-Release number of selected component (if applicable):
rhn-client-tools-0.4.20-33.el5_5.2

This is a security risk.
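
The behaviour the description asks for, sketched as an added example (not rhn-client-tools code and not part of the report): the password is prompted for when `-p` is omitted, and a shell history is audited for invocations that already put it in argv. The function names, the `-u/--user` and `--password` spellings, and the sample history lines are assumptions made for the illustration.

```python
import getpass
import optparse
import shlex

def parse_credentials(argv, ask=input, ask_secret=getpass.getpass):
    """Use -u/-p from argv when given; otherwise prompt (echo off), keeping the secret out of argv."""
    parser = optparse.OptionParser()
    parser.add_option("-u", "--user")
    parser.add_option("-p", "--password")
    opts, _rest = parser.parse_args(argv)
    user = opts.user or ask("Username: ")
    password = opts.password or ask_secret("Password: ")
    return user, password

def redact_password_args(args):
    """Mask password values in one command's arguments; return (masked_args, found)."""
    out, found, mask_next = [], False, False
    for tok in args:
        if mask_next:
            tok, found, mask_next = "****", True, False
        elif tok in ("-p", "--password"):
            mask_next = True
        elif tok.startswith("--password="):
            tok, found = "--password=****", True
        elif tok.startswith("-p") and not tok.startswith("--"):
            tok, found = "-p****", True
        out.append(tok)
    return out, found

def audit_history(lines, command="rhn-channel"):
    """Return [(line_no, masked_line)] for history entries that pass a password in argv."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        try:
            tokens = shlex.split(line)
        except ValueError:  # unbalanced quotes: not a complete command line
            continue
        names = [t.rsplit("/", 1)[-1] for t in tokens]
        if command in names:
            cut = names.index(command) + 1
            masked, found = redact_password_args(tokens[cut:])
            if found:
                hits.append((line_no, " ".join(tokens[:cut] + masked)))
    return hits

# Constructed sample history, not taken from the bug report.
SAMPLE_HISTORY = [
    "rhn-channel -a -c example-channel -u admin -p 'not a real secret'",
    "/usr/sbin/rhn-channel --add --channel=example-channel --user=admin --password=placeholder",
]
```

Any password that `audit_history` finds in a real history file should be treated as exposed and rotated, since the same string was also visible in process listings while the command ran.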

Comment 1 Milan Zázrivec 2011-05-13 07:05:35 UTC
This issue will be addressed with the release of RHEL-5.7.

*** This bug has been marked as a duplicate of bug 641029 ***