https://bugzilla.novell.com/show_bug.cgi?id=331043#c6
Christian Boltz changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |
--- Comment #6 from Christian Boltz 2007-10-09 05:49:44 MST ---
I'd like to highlight the usage of "echo |" and "expect" a bit (at least the
usage I expect).
The fact that "expect" can still feed the password to su it isn't really
relevant IMHO because:
- "expect" is usually not used by newbies, and experts hopefully know what they
are risking
- you can call any password prompt (root password? encrypted partition? SSH key
passphrase? GPG key passphrase?) useless when arguing with expect.
- you can even consider passwords useless at all if people have physical access
to the machine (hint: init=/bin/bash)
OTOH, "echo password | su" can be easily run by newbies.
- It's the next "logical" step after learning what the pipe does
- I don't think everybody who can use the pipe knows about the security risks
when passing along the password this way
- "echo password | su" might even end up in the bash history
Summary: If su wouldn't read STDIN, 90% of the people [cw]ouldn't use this
insecure way. Only the remaining 10% (or even less) know about expect.
Additionally, most of these 10% won't take the risk and/or know better
solutions (like allowing a specific command to run passwordless with sudo).
So there will be a risk reduction of >90% with this change. We all know that
it's nearly impossible to have a 100% secure system, so let's at least have a
90% secure one ;-)
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.