  1. MariaDB MaxScale
  2. MXS-1683

Commands that take passwords should allow input from stdin and not just from controlling terminals

Details

    • MXS-SPRINT-53

    Description

      We use installation scripts to configure maxscale, including adding encrypted passwords to /etc/maxscale.cnf using maxpasswd. Requiring a password to be passed to maxpasswd on the command line exposes a security risk if someone is able to ps -ef during the running of this command (however short of a time) and expose the password.

      To get around this, we would like to pass the password to maxpasswd and maxadmin via stdin from a Python script, which would never allow the password to be exposed. Maxadmin currently allows the password to be passed in stdin, but it will fail if not being run on a terminal (does tcsetattr). You can attempt to do tcgetattr/tcsetattr but should not fail if being run on controlling terminal, maybe just print a warning at most.
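
The behaviour requested above, as an added example that is not MaxScale's own code: echo is turned off only when tcgetattr succeeds, and a pipe or redirected file is read without treating the missing terminal as an error. The helper name `read_secret` and the 128-byte buffer are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical helper (assumption, not a MaxScale function): read one line
 * from fd into buf. Echo is disabled only if fd is a terminal; ENOTTY is not
 * an error. Returns the length, or -1 on read error, empty or overlong input. */
ssize_t read_secret(int fd, char *buf, size_t buflen)
{
    struct termios saved, noecho;
    int is_tty = 0, failed = 0;
    size_t n = 0;

    if (buflen < 2) return -1;
    if (tcgetattr(fd, &saved) == 0) {
        is_tty = 1;
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)ECHO;
        if (tcsetattr(fd, TCSAFLUSH, &noecho) != 0)
            fprintf(stderr, "warning: cannot disable echo: %s\n", strerror(errno));
    } else if (errno != ENOTTY) {
        fprintf(stderr, "warning: tcgetattr: %s\n", strerror(errno));
    }
    for (;;) {
        char c;
        ssize_t r = read(fd, &c, 1);
        if (r < 0 && errno == EINTR) continue;   /* retry interrupted reads */
        if (r < 0) failed = 1;
        if (r <= 0 || c == '\n') break;          /* error, EOF or end of line */
        if (n + 1 >= buflen) { failed = 1; break; } /* reject, never truncate */
        buf[n++] = c;
    }
    buf[n] = '\0';
    if (is_tty) tcsetattr(fd, TCSAFLUSH, &saved); /* restore terminal state */
    if (failed || n == 0) { memset(buf, 0, buflen); return -1; }
    return (ssize_t)n;
}

int main(void)
{
    char pw[128];
    ssize_t len = read_secret(STDIN_FILENO, pw, sizeof pw);
    if (len < 0) { fputs("no password read\n", stderr); return 1; }
    printf("read %zd bytes\n", len);             /* never print the secret */
    memset(pw, 0, sizeof pw);
    return 0;
}
```

Because the secret arrives on a file descriptor instead of argv, it does not appear in `ps -ef` output for the process.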

          People

            markus makela markus makela
            rvlane Richard Lane

              Time Tracking

                Estimated: Not Specified
                Remaining: 0d
                Logged: 5h 2m
