[Pkg-samba-maint] Bug#800608: mapiprofile: has no secure way to accept password

Michael Gold mgold at qnx.com
Thu Oct 1 16:08:43 UTC 2015


Package: openchangeclient
Version: 1:2.2-7
Severity: wishlist

mapiprofile and openchangeclient want the password to be passed on the
command line, which in most systems is visible to other users (e.g. in
"ps aux" output).  It's secure on Linux if /proc is mounted with the
hidepid option, but that's not the default and can break other software.

The programs should have a way to read the password from an environment
variable or a file (possibly a /dev/fd path referring to an unlinked
tmpfs file).

- Michael


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openchangeclient depends on:
ii  libc6          2.19-22
ii  libical1a      1.0.1-0.1
ii  libldb1        2:1.1.20-2
ii  libmagic1      1:5.25-2
ii  libmapi0       1:2.2-7
ii  libmapiadmin0  1:2.2-7
ii  libocpf0       1:2.2-7
ii  libpopt0       1.16-10
ii  libsubunit0    0.0.18-4
ii  libtalloc2     2.1.3-1
ii  libtevent0     0.9.25-2
ii  samba-libs     2:4.1.17+dfsg-4

openchangeclient recommends no packages.

Versions of packages openchangeclient suggests:
ii  perl  5.20.2-6

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20151001/d141f65c/attachment.sig>
-------------- next part --------------
---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.


More information about the Pkg-samba-maint mailing list