Re: mc security exposure

From: Pavel Machek <pavel ucw cz>
To: George Toft <george georgetoft com>
Cc: mc gnome org
Subject: Re: mc security exposure
Date: Mon, 11 Feb 2002 13:04:53 +0000

Hi!

Symptom
Using the FTP feature of mc shows the password in the file transfer
screen.  See snippet below (sorry, the ASCII art didn't transfer well):

lqqqqqqqqqqqqqqqqqqqqqqqqqqq Copy qqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Copy 4 files with source mask:                             x
x *                                                      [^] x
x                                   [x] Using shell patterns x
x to:                                                        x
x /#ftp:mylogin:mypasswd georgetoft com/httpdocs/tautog  [^] x
x [ ] follow Links            [ ] Dive into subdir if exists x
x [x] preserve Attributes                [ ] Stable Symlinks x
x           [< Ok >]   [ Background ]   [ Cancel ]           x
x                                                            x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

(I edited my username and password for obvious reasons.)


That's okay... You might want to change username/password at this
point.

cd has some ugly code for handling passwords and not displaying them in
panels... It is probably bad idea to add more hacks to copy dialog.

                                                                Pavel
-- 
Philips Velo 1: 1"x4"x8", 300gram, 60, 12MB, 40bogomips, linux, mutt,
details at http://atrey.karlin.mff.cuni.cz/~pavel/velo/index.html.

References:
- mc security exposure
  - From: George Toft

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]