search for: dafdfba

Displaying 3 results from an estimated 3 matches for "dafdfba".

Did you mean: dafdfbae
2020 Jun 01
7
server: Fix reading passwords interactively.
https://bugzilla.redhat.com/show_bug.cgi?id=1842440 Patches 1 and 2 address fairly obvious bugs in how we handle reading passwords from stdin. There are other ways we may consider fixing these bugs: - Should password=- always open /dev/tty and ignore stdin entirely? - Should we make password=-0/-1/-2 work by skipping the close? Or perhaps reopen the file descriptors on /dev/null after
2020 Jun 01
0
[PATCH nbdkit 2/3] server: Disallow -FD for stdin/stdout/stderr.
...+(ie. C<-0>, C<-1> or C<-2>). The reason is that after reading the +password the file descriptor is closed, which causes bad stuff to +happen. + =head2 Safely interacting with stdin and stdout int nbdkit_stdio_safe (void); diff --git a/server/public.c b/server/public.c index dafdfbae..2e36e43a 100644 --- a/server/public.c +++ b/server/public.c @@ -433,8 +433,8 @@ nbdkit_read_password (const char *value, char **password) if (nbdkit_parse_int ("password file descriptor", &value[1], &fd) == -1) return -1; - if (fd == STDIN_FILENO && !nbd...
2020 Jun 01
0
[PATCH nbdkit 1/3] server: Disallow password=- from non-tty and fix error message (RHBZ#1842440).
...ding passwords + +If the password begins with a C<-> or C<+> character then it must be +passed in a file. + +C<password=-> can only be used when stdin is a terminal. =head2 Safely interacting with stdin and stdout diff --git a/server/public.c b/server/public.c index bcf1a3a2..dafdfbae 100644 --- a/server/public.c +++ b/server/public.c @@ -413,53 +413,18 @@ nbdkit_stdio_safe (void) } /* Read a password from configuration value. */ +static int read_password_interactive (char **password); static int read_password_from_fd (const char *what, int fd, char **password); int nb...