From: SourceForge.net <no...@so...> - 2012-04-05 14:06:33
Bugs item #3364300, was opened at 2011-07-12 04:42
Message generated for change (Comment added) made by sjing
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1006945&aid=3364300&group_id=208749

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: General
Group: 2.7.1
Status: Open
Resolution: Later
Priority: 5
Private: No
Submitted By: Lissa Valletta (lissav)
Assigned to: Jing Sun (sjing)
Summary: Do not display password on xCAT commands

Initial Comment:
I suggest all commands in xCAT which display database information (e.g. lsdef) should not display the passwords from the passwd table or any other table that holds a password. The field should exist but be xxxxxxx out. We may give authority to a non-root user to use lsdef. To see the password, only root using one of the change functions or tabedit. There may be some command like tabdump that must allow the value.

----------------------------------------------------------------------

>Comment By: Jing Sun (sjing)
Date: 2012-04-05 07:06

Message:
I did an experiment with the policy table and wanted to deny the non-root user (loadl) from the "lstree -H" command.

According to http://sourceforge.net/apps/mediawiki/xcat/index.php?title=Granting_Users_xCAT_privileges, I ran "/opt/xcat/share/xcat/scripts/setup-local-client.sh loadl", and added a new entry in the policy table:

"6","loadl",,"lstree",,"-H",,"deny",,

but it seems it does not work; the other flags, such as -s, are also denied.

[root@935n03 ~]# su - loadl
[loadl@935n03 ~]$
[loadl@935n03 ~]$ lstree -H
Error: Permission denied for request
[loadl@935n03 ~]$
[loadl@935n03 ~]$ lstree -s
Error: Permission denied for request
[loadl@935n03 ~]$

Did I miss any configuration?

----------------------------------------------------------------------

Comment By: Guang Cheng Li (ligc)
Date: 2012-02-16 22:48

Message:
I do not think we could fix this bug in 2.7. Moving out to 2.7.1.

----------------------------------------------------------------------

Comment By: Lissa Valletta (lissav)
Date: 2011-07-14 05:52

Message:
I actually think this is a bug. I would like to not display the password on our commands and do not relate it to password encryption at all. Currently lsdef displays passwords and it should not. I think password encryption is a development line item. This is a current bug and potential security hole in our code. We would not display the password even if it was encrypted.

----------------------------------------------------------------------

Comment By: Guang Cheng Li (ligc)
Date: 2011-07-13 01:49

Message:
Lissa, as we discussed in yesterday's interlock meeting, we will need design work for the encrypted passwords in xCAT tables. I added a wishlist item for xCAT 2.7 for this item. Closing this bug out; we cannot use this bug to do all the password-related changes.

----------------------------------------------------------------------