[PATCH][1/2] hal-luks-setup-linux: fix/cleanup password handling
David Zeuthen
david at fubar.dk
Wed Jan 31 14:31:16 PST 2007
On Sat, 2007-01-13 at 20:20 +0100, Danny Kukawka wrote:
> Hi,
>
> this patch removes unused sanitizing of the password in the Linux
> hal-luks-setup script. Sanitizing the password is not needed and reduces the
> strength of strong passwords if used.
>
> Also changed the usage of the password to be within "" to prevent the shell from
> performing word splitting and pathname expansion.

Looks good to me; I was paranoid about the following

  #!/bin/sh
  read foo
  echo $foo

and the caller passing in e.g.

  `echo owned | passwd --stdin root`

but it seems this attack is not really possible, yes? I couldn't
reproduce it anyway so if you agree go ahead and commit it please.

Thanks.
David
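
Added example, not part of the original mail or of the HAL script: it runs the read/echo script above on a constructed input to show that the shell does not re-scan an expanded value for command substitution, while the unquoted expansion still undergoes the word splitting and pathname expansion that the patch's quoting prevents. The function names, sample value and marker file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example; read_unquoted/read_quoted are hypothetical names.
workdir=$(mktemp -d) || exit 1
trap 'rm -rf "$workdir"' EXIT
cd "$workdir" || exit 1
: > f1; : > f2                      # known files for the glob to match

# Constructed sample "password": a backtick command, runs of spaces, a glob.
# The marker file appears only if the shell ever runs the backtick part.
marker="$workdir/executed"
sample="\`touch $marker\`  a   *"

# The script from the mail: the value is expanded unquoted.
read_unquoted() {
    read foo
    echo $foo
}

# Quoted expansion, as in the patch description.
read_quoted() {
    read -r foo
    printf '%s\n' "$foo"
}

unquoted=$(printf '%s\n' "$sample" | read_unquoted)
quoted=$(printf '%s\n' "$sample" | read_quoted)

printf 'input   : %s\n' "$sample"
printf 'unquoted: %s\n' "$unquoted"   # spaces collapsed, * replaced by f1 f2
printf 'quoted  : %s\n' "$quoted"     # byte-for-byte the input
if [ -e "$marker" ]; then
    echo "backticks executed"
else
    echo "backticks not executed"
fi
```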