Univention Bugzilla – Bug 56332
26univention-samba.inst calls smbpasswd with machine/ldap secret visible in process list
Last modified: 2023-11-06 15:19:27 CET
26univention-samba.inst calls smbpasswd with machine/ldap secret visible in process list: services/univention-samba/26univention-samba.inst: smbpasswd -w "$(< /etc/machine.secret)" services/univention-samba/26univention-samba.inst: smbpasswd -w "$(< /etc/ldap.secret)" smbpasswd doesn't provide a "-y" password file option.
(In reply to Florian Best from comment #0) > smbpasswd doesn't provide a "-y" password file option. Instead "-W" can be used. MR: https://git.knut.univention.de/univention/ucs/-/merge_requests/847
smbpasswd -W is not used. univention-samba.yaml 49e9b678a30c | fix(samba): do not leak password in process list univention-samba (14.0.9-2) 49e9b678a30c | fix(samba): do not leak password in process list
Verified: * Code review * Package update * Advisory
<https://errata.software-univention.de/#/?erratum=5.0x864>