Bug 293091 - Please erase the password in address space as soon as it is used
Please erase the password in address space as soon as it is used
Product: Fedora
Classification: Fedora
Component: ncftp (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Matthias Saou
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-09-17 08:05 EDT by Lubomir Kundrak
Modified: 2007-11-30 17:12 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-09-25 04:37:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Lubomir Kundrak 2007-09-17 08:05:01 EDT
The ncftp part: argv[] or anything else should not contain the plaintext
password no longer that it is absolutely needful. Some programs just overwrite
the password with '*' characters or something similar, and it won't be pointless
also here.

+++ This bug was initially created as a clone of Bug #293081 +++

Description of problem:

When duplicity's FTP backend calls ncftp, it passws the password argument via
command line. That's bad -- anyone can see that. On the other side, it's a very
good practice to overwrite the password string in the address space wfter it's
used, though it can still be viewed under a time-dependent race condition,
that's why I am cloning this to ncftp also.

Additional info:

See URL for the Deban BTS entry [1] for more details.
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442840
Comment 1 Lubomir Kundrak 2007-09-17 08:06:19 EDT
If ncftp uses the password multiple times, please copy it away from argv[] and
overwrite the argv[] substring. Also, please modify the manual to emphasize that
passing the password via command line is unsafe.
Comment 2 Matthias Saou 2007-09-17 08:17:56 EDT
This is really not the best place for these kind of bug reports : I am not the
upstream author, and this isn't a Fedora specific problem at all.

Please go through the official contact method to report the problem :

I'll be more than happy to include an official patch or update to a new version
once the problem is fixed upstream.
Comment 3 Lubomir Kundrak 2007-09-17 11:21:12 EDT
I have a problem with a Fedora package, so I did report this to my usptream,
which is the Fedora project :)

I did no research on whether this is a Fedora specific problem and have no idea
whether upstream would accept the fix. I would say it's up to maintainer.

Anyways, the problem seems simple, so if you don't feel like fixing it or
communicating it to the upstream, please don't close the bug, but reassign it to me.
Comment 4 Matthias Saou 2007-09-24 07:58:50 EDT
Reassigning to you, then.
I'll also drop a line to Mike Gleason (the author) about this.
Comment 5 Matthias Saou 2007-09-25 04:37:23 EDT
Got an answer from Mike :
"Perhaps he's using an older version; we already erase it as soon as  

                 case 'p':
                         (void) STRNCPY(gConn.pass, opt.arg);    /*  
Don't recommend doing this! */
                         memset(opt.arg, '*', strlen(opt.arg));

Indeed, I just tried "ncftp -uftp -pftp ftp" and see :

27179 pts/1    S+     0:00 ncftp -u*** -p*** ftp

So closing as NOTABUG.

Note You need to log in before you can comment on or make changes to this bug.