From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6 Description of problem: If you set up an SMB printer using the GUI (i did), you can see the clear text password in the process list: [user@machine user]$ ps xauwww | grep smb root 3027 0.0 0.3 4516 1736 ? S 14:57 0:00 smb://user:password@DOMAIN/machine/HP-108 17 user (stdin) 1 cpi=12 lpi=7 page-bottom=36 page-left=36 page-right=36 page-top=36 scaling=100 wrap Version-Release number of selected component (if applicable): redhat-config-printer-0.6.47.9-1 How reproducible: Always Steps to Reproduce: 1. Setup smb printer 2. ps xauwww | grep smb 3. View the password Actual Results: You can see the password Expected Results: Password should be ******** Additional info:
*** Bug 113349 has been marked as a duplicate of this bug. ***
Using CUPS'w web interface you can see the password looking at the priter's details also (RH9 at least).
*** Bug 111771 has been marked as a duplicate of this bug. ***
smbspool can take a device URI three ways: in argv[0], in argv[1], or in the DEVICE_URI environment variable. Using DEVICE_URI instead of passing it on the command line should hide sensitive information from all uses.
Not only that, but it *must* use DEVICE_URI since cups now masks the authentication details out from the URI it passes as argv[0]. This has been the case for a couple of releases now, I'm sure.