+++ This bug was initially created as a clone of Bug #235198 +++ Description of problem: When using ipmitool, a user can authenticate with a key and/or a password. If the user does not want to have his/her password shown in a ps listing, they can use the option '-a' to be prompted for it and not appear in the PID/cmdline. But if they want to use a key, this one will be always shown... as there is no possibility to be prompted for the key. I believe this is a bug and could be treated as a very low security issue as sysadmins do not want users to know their IPMI key. Version-Release number of selected component (if applicable): OpenIPMI-1.4.14 - ipmitool-1.8.7 How reproducible: Always Steps to Reproduce: 1. ipmitool -v -k 12345323 -U root -a -H x4600-ilom.gsslab.rdu.redhat.com shell 2. ps 25470 pts/0 S+ 0:00 ipmitool -v -k 12345323 -U root -a -H x4600-ilom.gsslab.rdu.redhat.com shell Actual results: ps shows the key. Expected results: An option to avoid that key, -K with this patch. Additional info: http://sourceforge.net/tracker/index.php?func=detail&aid=1694175&group_id=95200&atid=610553 Sent upstream. -- Additional comment from jplans on 2007-04-04 09:50 EST -- Created an attachment (id=151658) ipmitool-K-enhancement.patch -- Additional comment from jplans on 2007-04-04 09:53 EST -- This patch allows the user to run : ipmitool -v -K -U root -a -H x4600-ilom.gsslab.rdu.redhat.com shell And get prompted: Key: Password: so in ps they get : 7291 pts/0 S+ 0:00 ipmitool -v -K -U root -a -H x4600-ilom.gsslab.rdu.redhat.com shell instead so the key is hidden.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0330.html