Red Hat Bugzilla – Bug 235198
ipmitool doesn't propose to hide the key as '-a' does for password.
Last modified: 2015-03-04 20:18:31 EST
Description of problem:
When using ipmitool, a user can authenticate with a key and/or a password.
If the user does not want to have his/her password shown in a ps listing, they
can use the option '-a' to be prompted for it and not appear in the PID/cmdline.
But if they want to use a key, this one will be always shown... as there is no
possibility to be prompted for the key.
I believe this is a bug and could be treated as a very low security issue as
sysadmins do not want users to know their IPMI key.
Version-Release number of selected component (if applicable):
OpenIPMI-1.4.14 - ipmitool-1.8.7
Steps to Reproduce:
1. ipmitool -v -k 12345323 -U root -a -H x4600-ilom.gsslab.rdu.redhat.com shell
25470 pts/0 S+ 0:00 ipmitool -v -k 12345323 -U root -a -H
ps shows the key.
An option to avoid that key, -K with this patch.
Created attachment 151658 [details]
This patch allows the user to run :
ipmitool -v -K -U root -a -H x4600-ilom.gsslab.rdu.redhat.com shell
And get prompted:
so in ps they get :
7291 pts/0 S+ 0:00 ipmitool -v -K -U root -a -H
instead so the key is hidden.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
Good patch. Devel ACK.
Read ya, Phil
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.