* Dan Langille <[EMAIL PROTECTED]> [2008-07-22 18:02]:
> Tullio Andreatta ML wrote:
> > Dan Langille wrote:
> >> This post deals with old and already fixed security issues. They are
> >> fixed in Bacula. They may not be fixed in the reported vendor code,
> >> in this case Gentoo.
> >>
> >> I noticed these two security reports today:
> >>
> >> http://www.securityfocus.com/archive/1/494604
> >> http://www.net-security.org/advisory.php?id=9098
> >>
> >> I have replied to the first one, directing them to the original
> >> problem report: http://bugs.bacula.org/view.php?id=990
> >>
> >> NOTE: this issue was first documented in 2005 by the Bacula project.
> >> The documentation contains several examples as to how to avoid this
> >> situation.
> >
> > I modified the make_catalog_backup to provide db password on stdin.
> > Then I call the script with
> > (echo password; exec sleep 1) | make_catalog_backup bacula bacula -
> > to hide the password on the command line.
>
> I'm not convinced this solves the problem. The password is still
> available publicly, via ps auwx, for a short time.

https://bugs.gentoo.org/show_bug.cgi?id=196834#c3

--
Regards,
Wolfram Schlich <[EMAIL PROTECTED]>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
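
One way to take the password on stdin, as discussed in this thread, and hand it to the database client without it entering any process argument list. This is an added example, not code from the thread or from Bacula's make_catalog_backup; it assumes a PostgreSQL catalog, and the function names `pgpass_escape` and `with_pgpass` are hypothetical.

```shell
#!/bin/sh
# Added example; not Bacula's make_catalog_backup. Function names are hypothetical.
# Assumption: PostgreSQL catalog, so the client reads the password from the
# file named by PGPASSFILE (format host:port:database:user:password).

# pgpass_escape STRING: backslash-escape ':' and '\' as the pgpass format requires.
# printf is a builtin in dash and bash, so STRING reaches sed through a pipe
# and never appears in an argv that ps could show.
pgpass_escape() {
    printf '%s' "$1" | sed 's/[\\:]/\\&/g'
}

# with_pgpass DB USER CMD...: read the password from the first line of stdin,
# store it in a temp file readable only by the caller, run CMD with
# PGPASSFILE pointing at that file, and remove the file when CMD finishes.
# The body runs in a subshell so umask, trap and variables do not leak out.
with_pgpass() (
    db=$1 user=$2; shift 2
    umask 077
    f=$(mktemp "${TMPDIR:-/tmp}/pgpass.XXXXXX") || exit 1
    trap 'rm -f "$f"' EXIT
    # Accept a final line without a trailing newline; refuse empty input.
    IFS= read -r pw || [ -n "$pw" ] || exit 1
    printf '*:*:%s:%s:%s\n' \
        "$(pgpass_escape "$db")" \
        "$(pgpass_escape "$user")" \
        "$(pgpass_escape "$pw")" > "$f"
    unset pw
    # Only the file's path is placed in the child's environment.
    PGPASSFILE=$f "$@"
)

# Usage (secret-file is a placeholder for wherever the password is stored):
#   with_pgpass bacula bacula pg_dump -w -U bacula bacula < secret-file
```
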