[MXS-1683] Commands that take passwords should allow input from stdin and not just from controlling terminals
Created: 2018-02-22 | Updated: 2018-03-06 | Resolved: 2018-03-06
| Status: | Closed |
| Project: | MariaDB MaxScale |
| Component/s: | maxadmin, maxpasswd |
| Affects Version/s: | 2.2.2 |
| Fix Version/s: | 2.2.3 |
| Type: | Bug | Priority: | Major |
| Reporter: | Richard Lane | Assignee: | markus makela |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Sprint: | MXS-SPRINT-53 |
| Description |
We use installation scripts to configure maxscale, including adding encrypted passwords to /etc/maxscale.cnf using maxpasswd. Requiring a password to be passed to maxpasswd on the command line exposes a security risk if someone is able to ps -ef during the running of this command (however short of a time) and expose the password. To get around this, we would like to pass the password to maxpasswd and maxadmin via stdin from a python script, which would never allow the password to be exposed. Maxadmin currently allows the password to be passed in stdin, but it will fail if not being run on a terminal (does tcsetattr). You can attempt to do tcgetattr/tcsetattr but should not fail if being run on controlling terminal, maybe just print a warning at most. |
| Comments |
| Comment by markus makela [ 2018-02-25 ] |
I believe that changing the error into a warning and logging it before the actual password is written is a good solution. This will give the user the chance to stop early and prevent the password from leaking if terminal attribute manipulation failed. |
| Comment by markus makela [ 2018-03-02 ] |
Some extra changes are required; the problem still appears if the editline library is used. |
| Comment by markus makela [ 2018-03-05 ] |
Refactored some of the code to allow non-editline use in systems that have it. |