sudosh2

Tracker: Bugs

8 input log contains passwords - ID: 1941976

Last Update: Comment added ( squash )

Details:

as the input log is practically reading the keyboard, any password typed
during a sudosh session is stored in the input trace. Ok, the files are
only readable by root, but still I don't feel confident to have cleartext
passwords anywhere on the system.

As a workaround I currently disabled all input logging.

My idea would be: as soon as the tty is in non-echo mode don't log any
keystrokes. Is this possible?

Submitted:

Georges Kesseler ( gunstick ) - 2008-04-14 12:25

Priority:

Status:

Open

Resolution:

None

Assigned:

Nobody/Anonymous

Category:

None

Group:

None

Visibility:

Public

Comment ( 1 )

Date: 2008-04-29 12:22 Sender: squash Sorry for the delay - for whatever reason I am not getting tracker alerts. I will look into adding an option for not recording keyboard input for those folks whose auditing requirements allow it. This should be a relatively easy change, while giving you 98% of the functionality otherwise.

Log in to comment.

Attached File

Change ( 1 )

Field	Old Value	Date	By
priority	5	2008-04-14 12:26	gunstick

sudosh2

Tracker: Bugs

Comment ( 1 )

Log in to comment.

Attached File

No Files Currently Attached

Change ( 1 )

About SourceForge

Find Software

Develop Software

Community

Help