freeipa

Clone
Source Code
GIT

3b38efe ipa tools: remove sensitive material from the commandline

12 files Authored by abbra 2 months ago, Committed by antorres 2 months ago,
raw patch tree parent
12 files changed. 90 lines added. 21 lines removed.
install/oddjob/com.redhat.idm.trust-fetch-domains.in
file modified
+4 -1
install/tools/ipa-adtrust-install.in
file modified
+2 -1
install/tools/ipa-ca-install.in
file modified
+2 -0
install/tools/ipa-compat-manage.in
file modified
+4 -2
install/tools/ipa-csreplica-manage.in
file modified
+6 -6
install/tools/ipa-managed-entries.in
file modified
+3 -2
install/tools/ipa-replica-conncheck.in
file modified
+4 -3
install/tools/ipa-replica-manage.in
file modified
+7 -3
ipapython/admintool.py
file modified
+40 -0
ipaserver/install/ipa_migrate.py
file modified
+16 -1
ipaserver/install/ipa_restore.py
file modified
+1 -1
ipaserver/install/ipa_server_certinstall.py
file modified
+1 -1 
    ipa tools: remove sensitive material from the commandline
    
    When command line tools accept passwords, remove them from the command
    line so that they don't get visible in '/proc/pid/commandline'.
    
    There is no common method to access the original ARGV vector and modify
    it from Python. Since this mostly affects Linux systems where IPA
    services run, we expect use of GNU libc and thus can rely on internal
    glibc symbols. If they aren't available, the code will skip removing
    passwords.
    
    Fixes: CVE-2024-11029
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
file modified
+4 -1
file modified
+2 -1
file modified
+2 -0
file modified
+4 -2
file modified
+6 -6
file modified
+3 -2
file modified
+4 -3
file modified
+7 -3
file modified
+40 -0
file modified
+16 -1
file modified
+1 -1
file modified
+1 -1
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.