Re: FTP password visibility fixes


> I noticed that the new mc maintainer for Red Hat/Fedora, Jindrich Novy
> has made some patches to hide the FTP password in various dialogs. See
> and
> , "[RFE] hide password
> in directory hotlist URL".
> I requested Jindrich to create a fix to hide the password in the
> directory hotlist. Maybe it's a good idea to apply these patches before
> 4.6.1, as they are security related. Anybody cares to test these
> patches?

There is some issues discussed at bugzilla.

But attached patch has to be applied just now.

Andrew V. Samoilov.

2004-10-07  Jindrich Novy  <jnovy redhat com>

	* util.c (strip_password): Add "/#sh:".

--- util.c~	Tue Sep 28 09:17:59 2004
+++ util.c	Thu Oct  7 00:24:17 2004
@@ -405,7 +405,7 @@ string_perm (mode_t mode_bits)
                    the password.
    has_prefix = 1: Search p for known url prefixes. If found delete
                    the password from the url. 
-                   Cavevat: only the first url is found
+                   Caveat: only the first url is found
 char *
 strip_password (char *p, int has_prefix)
@@ -417,6 +417,7 @@ strip_password (char *p, int has_prefix)
 		     {"/#mc:", 5},
 		     {"ftp://";, 6},
 		     {"/#smb:", 6},
+		     {"/#sh:", 5}
     char *at, *inner_colon, *dir;
     size_t i;

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]