Red Hat Bugzilla – Bug 1019888
vpnc: cisco-decrypt should be able to read the password from standard input
Last modified: 2014-11-12 17:27:18 EST
The current approach based on the command line leaks the password to local users because it's (briefly) visible in /proc.
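A sketch of the change requested above, added here as an example and not taken from vpnc or cisco-decrypt: a helper that refuses a secret on argv and reads it from standard input instead. The names `read_secret` and `wipe` and the 256-byte limit are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Overwrite a buffer so the secret does not linger in memory; the
 * volatile pointer keeps the compiler from dropping the stores. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Hypothetical helper: read one line from `in` into buf (capacity cap)
 * and strip the line ending. Returns the secret's length, or -1 on EOF,
 * read error or an overlong line (the buffer is wiped in that case). */
static int read_secret(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t len = strcspn(buf, "\r\n");
    if (buf[len] == '\0' && len == cap - 1) {
        /* Buffer filled without a newline: accept only if the line ends here. */
        int c = fgetc(in);
        if (c != EOF && c != '\n' && c != '\r') {
            wipe(buf, cap);
            return -1;
        }
    }
    buf[len] = '\0';
    return (int)len;
}

int main(int argc, char **argv)
{
    char secret[256]; /* assumed upper bound for this example */
    (void)argv;
    if (argc > 1) { /* argv is readable by local users via /proc/<pid>/cmdline */
        fputs("refusing secret on the command line; pipe it to stdin\n", stderr);
        return 2;
    }
    int n = read_secret(stdin, secret, sizeof secret);
    if (n < 0) {
        fputs("no usable secret on stdin\n", stderr);
        return 1;
    }
    fprintf(stderr, "read %d-byte secret from stdin\n", n); /* length only */
    wipe(secret, sizeof secret); /* a real tool would decode before wiping */
    return 0;
}
```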
I just pushed a new vpnc version to updates-testing (for Fedora 20 and 21). I think your issue is still present there but maybe you can confirm that?
It sounds to me as if the feature you described is not present for the upstream code. If that's the case I'd like to encourage you to report the problem upstream as I'm a bit hesitant to add Fedora-only patches :-)
I think upstream sort-of fixed this here:
“r545 | Antonio Borneo | 2014-02-18 06:09:52 +0100 (Tue, 18 Feb 2014) | 32 lines
support password helper”
It may still be difficult to integrate this with NetworkManager etc., but they can ship their own password helper program to solve this.
Wait, no, cisco-decrypt is still unchanged.
So this means they have some kind of password helper support but not in cisco-decrypt? Would you mind posting your request on the upstream mailing list so at least some people might be aware of the problem?
Moving to rawhide as this bug isn't specific to F19 but a general enhancement.
Just for reference: question on upstream mailing list is http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2014-November/004136.html