From: Kern Sibbald Date: Mon, 22 Oct 2007 21:48:14 +0000 (+0000) Subject: kes Add a security warning to src/cats/make_catalog_backup.in indicating X-Git-Tag: Release-3.0.0~2359 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=4aaf2bd8bb38ff67bec233dcf53681fd9e35e24d;p=bacula%2Fbacula kes Add a security warning to src/cats/make_catalog_backup.in indicating that passing the password via the command line (arg 3) is insecure. This responds to bug #990 (it doesn't fix it). git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@5780 91ce42f0-d328-0410-95d8-f526ca767f89 --- diff --git a/bacula/src/cats/make_catalog_backup.in b/bacula/src/cats/make_catalog_backup.in index 18c2821608..98b1ae3387 100755 --- a/bacula/src/cats/make_catalog_backup.in +++ b/bacula/src/cats/make_catalog_backup.in @@ -8,7 +8,11 @@ # $2 is the user name with which to access the database # (default = bacula). # $3 is the password with which to access the database or "" if no password -# (default "") +# (default ""). WARNING!!! Passing the password via the command line is +# insecure and should not be used since any user can display the command +# line arguments and the environment using ps. Please consult your +# MySQL or PostgreSQL manual for secure methods of specifying the +# password. # $4 is the host on which the database is located # (default "") # @@ -31,7 +35,7 @@ else else MYSQLHOST="" fi - ${BINDIR}/mysqldump -u $2$MYSQLPASSWORD$MYSQLHOST -f --opt $1 >$1.sql + ${BINDIR}/mysqldump -u ${2}${MYSQLPASSWORD}${MYSQLHOST} -f --opt $1 >$1.sql else if test xpostgresql = x@DB_TYPE@ ; then if test $# -gt 2; then diff --git a/bacula/technotes-2.3 b/bacula/technotes-2.3 index ab0169ce3c..2b93b10088 100644 --- a/bacula/technotes-2.3 +++ b/bacula/technotes-2.3 
@@ -1,6 +1,10 @@ Technical notes on version 2.3 General: +22Oct07 +kes Add a security warning to src/cats/make_catalog_backup.in indicating + that passing the password via the command line (arg 3) is insecure. + This responds to bug #990 (it doesn't fix it). 19Oct07 kes Set default debug_level to zero. This corrects bugs #991 and #993. kes Fix a crash in bat when it cannot connect to the Director for example
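Review bot: In the header comment for $3 in make_catalog_backup.in (hunk @@ -8,7 +8,11), the warning tells the reader to "consult your MySQL or PostgreSQL manual" without naming what to look for, so an administrator has no concrete replacement for arg 3. Suggest naming the standard mechanisms in the comment: for MySQL, a client option file readable only by the invoking user (a [client] section with a password entry in ~/.my.cnf, or a file passed with --defaults-extra-file); for PostgreSQL, a ~/.pgpass file with mode 0600. The comment also says the environment is visible through ps, so it would help to state explicitly that moving the password into an environment variable is not one of the secure methods meant here.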
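Review bot: In the mysqldump line (hunk @@ -31,7 +35,7), `${MYSQLPASSWORD}` is still expanded into the mysqldump argument list, so whenever that variable carries the password the script itself creates the ps exposure that the new header comment warns about; the change from `$2$MYSQLPASSWORD$MYSQLHOST` to the braced form is cosmetic and does not alter this. If the script is meant to keep accepting arg 3, consider having it write the password to a temporary option file created under a restrictive umask and pass that file to mysqldump, removing it afterwards, so nothing secret appears in argv. Separately, `$1` is unquoted in both `--opt $1` and `>$1.sql`; quoting it as `"$1"` and `"$1.sql"` avoids word splitting and globbing on the database name.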
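Review bot: In the technotes-2.3 entry for 22Oct07, only the added warning is recorded, while the same commit also edits the mysqldump invocation in make_catalog_backup.in. Suggest adding a short line noting the variable-brace change, and, since the entry says bug #990 is not fixed, stating what remains open (the password can still be passed as arg 3) so a reader of the notes does not take the warning as the resolution.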