Hi, > > Then, an untrustworthy colleague goes to the computer, and just > > reads /var/lib/cdebconf/questions.dat: installer's password is there, > > plain, clear text. > > Did you actually check this? The password templates are of type 'password' > and thus the value should be in /var/lib/cdebconf/passwords.dat (and thus > encoded) instead of in plain text in questions.dat.
Well, you can still db_get the password, can't you? > Also, if you look at the postinst script for network-console, you'll see > that the template already *is* cleared after the password is asked. Oh, my bad, you're right. I've actually read it, but for some reason, I overlooked the exact thing I was searching for... > The only case in which AFAICT what you describe can be true is when the > template is preseeded [1] while the network-console component is not yet > loaded (because then the template could be created as a regular template > instead of as a password one). As preseeding passwords in itself already > lowers security, I don't really think this is an important bug. > > Please verify that you really do see readable passwords and describe the > exact scenario (architecture / image / installation method used) in which > you do. As said earlier, I was, for some reason, sure that the postinst script didn't clear the passwords... So, please ignore this first "issue", as it wasn't here in the first place. Regards, Thibaut Girka.
signature.asc
Description: This is a digitally signed message part
