[#CORE-867] gbak should change param0 to not show username/password in ps axf

Firebird Core

gbak should change param0 to not show username/password in ps axf

Created: 23/Jul/06 03:31 PM Updated: 26/Dec/07 10:45 AM

Component/s:

GBAK

Affects Version/s:

1.5.0, 1.5.1, 1.5.2, 1.5.3, 2.0 Beta 1, 2.0 RC1, 2.0 Beta 2, 2.0 RC2, 2.0 RC3

Fix Version/s:

2.1 Beta 1

Time Tracking:

Issue & Sub-Tasks

Issue Only

Not Specified

Environment:

standard unix/linux

Sub-Tasks:

All

Open

~~Reading password from file/stdin~~

Closed

Alexander Peshkov

Description

« Hide

When you run gbak, other users can see your (or SYSDBA's) password during backup. Changing the param 0 only to i.e. gbak will solve this problem (some security kernel patches, i think aren't the best way).

All

Comments

Work Log

Change History

Version Control

Subversion Commits

Sort Order:

[ Permalink | « Hide ]

dbi added a comment - 23/Jul/06 05:53 PM

Please note that wiping command line parameters only makes it harder to discover the password. The long-term/secure solution is to prompt for passwords or read them from file. This would involve adding command-line switches, though.

And, this is not gbak-specific. All command-line utilities which support -password parameter are vulnerable.

[ Permalink | « Hide ]

Jiri Cincura added a comment - 23/Jul/06 07:08 PM

Yes, I know, but this makes a little bit harder to see password.
I've created subtask for nreading password from file/input.

[ Permalink | « Hide ]

Alexander Peshkov added a comment - 25/Apr/07 09:31 AM

All firebird utilities replace argv[PASSWORD] with *