[PATCH] svn_load_dirs.pl: do not print password to screen (v2)

From: <geoffrey.alary_at_gmail.com>
Date: Mon, 15 Jul 2019 00:23:28 +1200

Hi,

> > > > It implements a security feature: to hide the password when printing
> > > > the command line to screen.
> > >
> > > I suggest to add a warning to usage() that passing the password in
> > > a command-line argument may make it visible to other local OS users.
> >
> > Do you mean that showing a warning message would be preferable to
> > actually fixing the problem?
>
> No. I think the warning and the asterisking are independent changes;
> I suppose we should make both of them.

This is the second version of the patch, including the suggestion from
Daniel.

Log message:
[[[
Do not print password to screen in svn_load_dirs.pl.

* contrib/client-side/svn_load_dirs/svn_load_dirs.pl.in
  (sanitize_pwd): New function.
  (safe_read_from_pipe, read_from_process): Update the sites printing
   the command line to screen to use sanitize_pwd.
  (usage): Warn that other local OS users may be able to see the
   password passed on the command-line.

Fix indentation; that is, replace the 2 tab occurrences by 8 spaces.
]]]

text/x-diff attachment: svn_load_dirs.pl-secfeat-hidepwd_v2.patch

Received on 2019-07-14 14:23:31 CEST

This message: [ Message body ]
Next message: Evgeny Kotkov: "Re: svn commit: r1863018 - /subversion/trunk/subversion/libsvn_subr/win32_crypto.c"
Previous message: Geoffrey Alary: "Re: [PATCH] svn_load_dirs.pl: do not print password to screen"
Next in thread: Julian Foad: "Re: [PATCH] svn_load_dirs.pl: do not print password to screen (v2)"
Reply: Julian Foad: "Re: [PATCH] svn_load_dirs.pl: do not print password to screen (v2)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]