Bug 1019888 - vpnc: cisco-decrypt should be able to read the password from standard input
Status: NEW
Product: Fedora
Classification: Fedora
Component: vpnc
Version: rawhide
Assigned To: Christian Krause
QA Contact: Fedora Extras Quality Assurance
Keywords: FutureFeature
Blocks: 1019890
Reported: 2013-10-16 11:04 EDT by Florian Weimer
Modified: 2014-11-12 17:27 EST

Doc Type: Enhancement
Type: Bug

Description Florian Weimer 2013-10-16 11:04:23 EDT
The current approach based on the command line leaks the password to local users because it's (briefly) visible in /proc.
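
Added example (not part of the bug report and not vpnc's code): C code for the stdin approach requested above, with a bounded line reader that rejects overlong input and wipes the buffer, plus a Linux-only check of whether a value appears in the process's own /proc/self/cmdline. The function names and the 256-byte buffer are assumptions; the decryption step itself is not shown.

```c
#include <stdio.h>
#include <string.h>

/* Zero a buffer through a volatile pointer so the store is not optimised away. */
static void wipe(void *p, size_t n)
{
    for (volatile unsigned char *v = p; n--; ) *v++ = 0;
}

/* Read one line (e.g. the obfuscated password in hex) from `in` into buf.
 * Returns its length, or -1 on EOF, empty input, or a line that does not fit. */
int read_secret_line(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL) return -1;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[--n] = '\0';
    } else {
        int c = fgetc(in);          /* did the buffer fill before end of line? */
        if (c != EOF && c != '\n') { wipe(buf, cap); return -1; } /* no truncation */
    }
    if (n > 0 && buf[n - 1] == '\r') buf[--n] = '\0';   /* tolerate CRLF input */
    return n > 0 ? (int)n : -1;
}

/* 1 if `needle` occurs in an argument of this process's /proc cmdline,
 * 0 if not, -1 if /proc is unavailable. Linux-specific. */
int secret_in_own_cmdline(const char *needle)
{
    char raw[4096];
    FILE *f = fopen("/proc/self/cmdline", "rb");
    if (f == NULL) return -1;
    size_t n = fread(raw, 1, sizeof raw - 1, f);
    fclose(f);
    raw[n] = '\0';
    /* Arguments are NUL-separated; walk them one string at a time. */
    for (size_t i = 0; i < n; i += strlen(raw + i) + 1)
        if (strstr(raw + i, needle) != NULL) return 1;
    return 0;
}

int main(void)
{
    char secret[256];               /* assumed maximum input length */
    int len = read_secret_line(stdin, secret, sizeof secret);
    if (len < 0) return 1;
    printf("read %d bytes; in own cmdline: %d\n", len, secret_in_own_cmdline(secret));
    wipe(secret, sizeof secret);
    return 0;
}
```
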
Comment 1 Felix Schwarz 2014-11-10 04:42:00 EST
I just pushed a new vpnc version to updates-testing (for Fedora 20 and 21). I think your issue is still present there but maybe you can confirm that?

It sounds to me as if the feature you described is not present for the upstream code. If that's the case I'd like to encourage you to report the problem upstream as I'm a bit hesitant to add Fedora-only patches :-)
Comment 2 Florian Weimer 2014-11-10 05:09:31 EST
I think upstream sort-of fixed this here:

“r545 | Antonio Borneo | 2014-02-18 06:09:52 +0100 (Tue, 18 Feb 2014) | 32 lines

support password helper”

It may still be difficult to integrate this with NetworkManager etc., but they can ship their own password helper program to solve this.
Comment 3 Florian Weimer 2014-11-10 05:10:56 EST
Wait, no, cisco-decrypt is still unchanged.
Comment 4 Felix Schwarz 2014-11-10 05:18:18 EST
So this means they have some kind of password helper support but not in cisco-decrypt? Would you mind posting your request on the upstream mailing list so at least some people might be aware of the problem?
Comment 5 Felix Schwarz 2014-11-10 05:19:42 EST
Moving to rawhide as this bug isn't specific to F19 but a general enhancement.
Comment 6 Felix Schwarz 2014-11-12 17:27:18 EST
Just for reference: question on upstream mailing list is http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2014-November/004136.html
