Bug 54580 - FTP install - IOError messages leak the password.
Summary: FTP install - IOError messages leak the password.
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: anaconda
Version: 7.3
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Jeremy Katz
QA Contact: Brock Organ
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-10-12 21:46 UTC by Aleksey Nogin
Modified: 2007-03-27 03:49 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2006-02-21 18:48:10 UTC


Attachments (Terms of Use)

Description Aleksey Nogin 2001-10-12 21:46:28 UTC
When doing an FTP install of Enigma I noticed that anaconda was printing
IOError messages from time to time (in the syslog console) and those
messages contained the complete URL of the package which included the
(slightly obscured) password. I would consider this a pretty minor problem,
but still...

Comment 1 Jeremy Katz 2001-11-26 22:14:56 UTC
We just use the stock ftplib.py from python... Trond?

Comment 2 Trond Eivind Glomsrxd 2001-12-06 16:48:37 UTC
Does the development installer (with the new python) show it as well? Also,
wouldn't the best way to handle that be within the installer? (catch the
exception) It's a very useful debugging tool, so I don't think we should change
the default behaviour.

Comment 3 Michael Fulbright 2002-03-26 17:45:27 UTC
Deferring to future release.

Comment 4 Red Hat Bugzilla 2006-02-21 18:48:10 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.


Note You need to log in before you can comment on or make changes to this bug.