704297 – rhn-channel can only take the password leaking it to "ps auxw" and storing it in .bash_history

Bug 704297 - rhn-channel can only take the password leaking it to "ps auxw" and storing it in .bash_history

Summary: rhn-channel can only take the password leaking it to "ps auxw" and storing it...

Keywords:
Status:	CLOSED DUPLICATE of bug 641029
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	rhn-client-tools
Sub Component:
Version:	5.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Milan Zázrivec
QA Contact:	Red Hat Satellite QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-05-12 17:34 UTC by Paul Wouters
Modified:	2011-05-13 07:05 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-05-13 07:05:35 UTC
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Paul Wouters 2011-05-12 17:34:24 UTC

Description of problem:
One cannot use rhn-channel -p to get prompted for the password.
So anyone who can see ps output or get to root's bash_history can
grab the rhn-channel user/password

Version-Release number of selected component (if applicable):
rhn-client-tools-0.4.20-33.el5_5.2

This is a security risk

Comment 1 Milan Zázrivec 2011-05-13 07:05:35 UTC

This issue will be addressed with the release of RHEL-5.7.

*** This bug has been marked as a duplicate of bug 641029 ***

Note You need to log in before you can comment on or make changes to this bug.