Hi,
Joao Eriberto Mota Filho <eribe...@debian.org> writes:
> Package: wnpp
> Severity: wishlist
> Owner: Joao Eriberto Mota Filho <eribe...@debian.org>
>
> * Package name : linssid
> Version : 2.7
> Upstream Author : Warren Severin <wseve...@warsev.com>
> * URL : https://sf.net/projects/linssid
I took a brief look at the source code and noticed that it leaks user's
password in the process list:
void MainForm::addInterfaces() {
...
commandLine = "echo \'" + password + "\' | sudo -kS -p \"\" " + commandLine;
...
if (system(commandLine.c_str()) == 0) {
-Timo
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
