Updated debdiff. :-Dustin
** Attachment added: "ecryptfs-utils.debdiff" http://launchpadlibrarian.net/18820520/ecryptfs-utils.debdiff -- ecryptfs-setup-private potentially exposes passwords in the process table https://bugs.launchpad.net/bugs/287908 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in “ecryptfs-utils” source package in Ubuntu: In Progress Bug description: Binary package hint: ecryptfs-utils ecryptfs-setup-private potentially exposes passwords in the process table. There are two calls in ecryptfs-setup-private to helper utilities: * ecryptfs-wrap-passphrase * ecryptfs-add-passphrase that use passwords on the command line. There is a small yet real possibility that these passwords could be exposed on the process table momentarily. To fix this problem, we need to: a) patch both ecryptfs-wrap-passphrase and ecryptfs-add-passphrase to take passphrases on stdin b) modify the callers to use a dash/bash builtin function (such as echo or printf) to send this passphrases to those utilities on standard in Thanks to Jamie Strandboge for the bug report. :-Dustin _______________________________________________ Mailing list: https://launchpad.net/~ecryptfs Post to : [email protected] Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
