On Wednesday 04 August 2010, Thibaut Girka wrote:
> He starts the installation in front of the computer, sets a password,
> that happens to be its daily-use one.

That's not very smart, is it?

> Then, an untrustworthy colleague goes to the computer, and just
> reads /var/lib/cdebconf/questions.dat: installer's password is there,
> plain, clear text.

Did you actually check this? The password templates are of type 'password' and thus the value should be in /var/lib/cdebconf/passwords.dat (and thus encoded) instead of in plain text in questions.dat. After testing I cannot find the password in questions.dat...

Also, if you look at the postinst script for network-console, you'll see that the template already *is* cleared after the password is asked.

The above is valid when the component is used interactively.

The only case in which AFAICT what you describe can be true is when the template is preseeded [1] while the network-console component is not yet loaded (because then the template could be created as a regular template instead of as a password one). As preseeding passwords in itself already lowers security, I don't really think this is an important bug.

Please verify that you really do see readable passwords and describe the exact scenario (architecture / image / installation method used) in which you do.

Cheers,
FJP

[1] Certainly when preseeded at the boot prompt and maybe also when preseeded using a preseed file. In the last case the template type 'password' can be specified, but I'm not 100% sure whether that is honored or not.

