[systemd-devel] [PATCH] ask-password: Add --do-echo to enable echoing the user input

"Jóhann B. Guðmundsson" johannbg at gmail.com
Tue Sep 30 08:19:07 PDT 2014


On 09/30/2014 02:26 PM, Tom Gundersen wrote:
> On Wed, Sep 17, 2014 at 2:26 PM, David Sommerseth <davids at redhat.com> wrote:
>> I've been playing with the systemd feature enabled in OpenVPN.  And I
>> propose this change to systemd-ask-password to avoid masking usernames.
>> I tried looking for alternative ways of querying for usernames through
>> systemd without finding a good solution.
>>
>> This patch has been tested locally on a slightly modified OpenVPN build
>> which calls systemd-ask-password with --do-echo when it queries the user
>> for usernames.
>>
>> If there are better ways to solve this, please let me know and I'll
>> go that path instead.
> Similar comments to the other patch (not sure whether or not this API
> extension should be done or not), but for the patch itself I suggest
> using --echo, rather than --do-echo, and I guess we need to update the
> manpage.

Hmm, will this make that password visible to anyone who can watch the
user's monitor?

If that is the case then this is a bad practice, since nothing should
ever echo the input for passwords in cleartext, thus making it visible on
the end user's monitor, or store the password itself in cleartext in the
journal (was that checked?), and this won't pass any kind of audit
compliance administrators and users might have to comply with in their
infrastructure...

JBG

