Bug 293091 - Please erase the password in address space as soon as it is used
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: ncftp
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Matthias Saou
QA Contact: Fedora Extras Quality Assurance
URL: http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard:
Depends On:
Blocks:
Reported: 2007-09-17 12:05 UTC by Lubomir Kundrak
Modified: 2007-11-30 22:12 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-09-25 08:37:23 UTC
Type: ---
Embargoed:



Description Lubomir Kundrak 2007-09-17 12:05:01 UTC
The ncftp part: argv[] or anything else should not contain the plaintext
password any longer than is absolutely necessary. Some programs just overwrite
the password with '*' characters or something similar, and it wouldn't be
pointless here either.

+++ This bug was initially created as a clone of Bug #293081 +++

Description of problem:

When duplicity's FTP backend calls ncftp, it passes the password argument via
command line. That's bad -- anyone can see that. On the other hand, it's a very
good practice to overwrite the password string in the address space after it's
used, though it can still be viewed under a time-dependent race condition,
that's why I am cloning this to ncftp also.

Additional info:

See URL for the Debian BTS entry [1] for more details.
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442840

Comment 1 Lubomir Kundrak 2007-09-17 12:06:19 UTC
If ncftp uses the password multiple times, please copy it away from argv[] and
overwrite the argv[] substring. Also, please modify the manual to emphasize that
passing the password via command line is unsafe.

Comment 2 Matthias Saou 2007-09-17 12:17:56 UTC
This is really not the best place for this kind of bug report: I am not the
upstream author, and this isn't a Fedora-specific problem at all.

Please go through the official contact method to report the problem:
http://www.ncftp.com/contact/ncftp.html

I'll be more than happy to include an official patch or update to a new version
once the problem is fixed upstream.

Comment 3 Lubomir Kundrak 2007-09-17 15:21:12 UTC
I have a problem with a Fedora package, so I did report this to my upstream,
which is the Fedora project :)

I did no research on whether this is a Fedora-specific problem and have no idea
whether upstream would accept the fix. I would say it's up to the maintainer.

Anyways, the problem seems simple, so if you don't feel like fixing it or
communicating it to the upstream, please don't close the bug, but reassign it to me.

Comment 4 Matthias Saou 2007-09-24 11:58:50 UTC
Reassigning to you, then.
I'll also drop a line to Mike Gleason (the author) about this.

Comment 5 Matthias Saou 2007-09-25 08:37:23 UTC
Got an answer from Mike :
"Perhaps he's using an older version; we already erase it as soon as possible:

                 case 'p':
                         (void) STRNCPY(gConn.pass, opt.arg);    /* Don't recommend doing this! */
                         memset(opt.arg, '*', strlen(opt.arg));
                         break;
"

Indeed, I just tried "ncftp -uftp -pftp ftp" and see :

27179 pts/1    S+     0:00 ncftp -u*** -p*** ftp

So closing as NOTABUG.
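
The copy-then-overwrite pattern requested in Comment 1 and quoted in Comment 5, as an added stand-alone C example that is not ncftp's code: the helper name `take_secret_arg` and the `-pPASSWORD` demo syntax are assumptions made here. The password remains visible from process start until the overwrite runs, which is the race condition the description mentions.

```c
#include <stdio.h>
#include <string.h>

/* Copy a secret out of an argv[] slot into caller-owned storage, then
 * overwrite the argv[] bytes in place so ps(1) and /proc/<pid>/cmdline
 * show '*' instead. Returns 0 on success, -1 if the secret did not fit
 * in dst (the argv[] copy is scrubbed either way). */
static int take_secret_arg(char *arg, char *dst, size_t dstsz)
{
    size_t len = strlen(arg);
    int rc = 0;

    if (len < dstsz) {
        memcpy(dst, arg, len + 1);
    } else {                    /* refuse to keep a truncated password */
        if (dstsz > 0)
            dst[0] = '\0';
        rc = -1;
    }
    memset(arg, '*', len);      /* same length: the NUL terminator stays put */
    return rc;
}

int main(int argc, char **argv)
{
    char pass[128] = "";
    char buf[4096];
    size_t n, i;
    FILE *f;

    /* Hypothetical option syntax for this demo: -pPASSWORD */
    for (int a = 1; a < argc; a++)
        if (strncmp(argv[a], "-p", 2) == 0)
            if (take_secret_arg(argv[a] + 2, pass, sizeof pass) != 0)
                fprintf(stderr, "password too long\n");

    /* Linux only: print the command line as other processes now see it. */
    if ((f = fopen("/proc/self/cmdline", "r")) != NULL) {
        n = fread(buf, 1, sizeof buf - 1, f);
        fclose(f);
        for (i = 0; i < n; i++)
            putchar(buf[i] ? buf[i] : ' ');
        putchar('\n');
    }
    /* A dead-store memset may be optimized out; prefer explicit_bzero()
     * where the platform provides it. */
    memset(pass, 0, sizeof pass);
    return 0;
}
```
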

