Re: FTP password visibility fixes

From: "Andrew V. Samoilov" <andrew email zp ua>
To: mc-devel gnome org
Cc: Leonard den Ottolander <leonard den ottolander nl>
Subject: Re: FTP password visibility fixes
Date: Thu, 7 Oct 2004 02:48:19 +0300 (EEST)

Hi,

> I noticed that the new mc maintainer for Red Hat/Fedora, Jindrich Novy
> has made some patches to hide the FTP password in various dialogs. See
> http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131088 and
> http://www.pavelsh.pp.ru/wiki/doku.php?id=mc-bugs , "[RFE] hide password
> in directory hotlist URL".
> 
> I requested Jindrich to create a fix to hide the password in the
> directory hotlist. Maybe it's a good idea to apply these patches before
> 4.6.1, as they are security related. Anybody cares to test these
> patches?

There is some issues discussed at bugzilla.

But attached patch has to be applied just now.

-- 
Regards,
Andrew V. Samoilov.

src/ChangeLog:

2004-10-07  Jindrich Novy  <jnovy redhat com>

	* util.c (strip_password): Add "/#sh:".

--- util.c~	Tue Sep 28 09:17:59 2004
+++ util.c	Thu Oct  7 00:24:17 2004
@@ -405,7 +405,7 @@ string_perm (mode_t mode_bits)
                    the password.
    has_prefix = 1: Search p for known url prefixes. If found delete
                    the password from the url. 
-                   Cavevat: only the first url is found
+                   Caveat: only the first url is found
 */ 
 char *
 strip_password (char *p, int has_prefix)
@@ -417,6 +417,7 @@ strip_password (char *p, int has_prefix)
 		     {"/#mc:", 5},
 		     {"ftp://";, 6},
 		     {"/#smb:", 6},
+		     {"/#sh:", 5}
     };
     char *at, *inner_colon, *dir;
     size_t i;

References:
- FTP password visibility fixes
  - From: Leonard den Ottolander

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]