Hi,
Joao Eriberto Mota Filho <[email protected]> writes:
> Package: wnpp
> Severity: wishlist
> Owner: Joao Eriberto Mota Filho <[email protected]>
>
> * Package name : linssid
> Version : 2.7
> Upstream Author : Warren Severin <[email protected]>
> * URL : https://sf.net/projects/linssid
I took a brief look at the source code and noticed that it leaks user's
password in the process list:
void MainForm::addInterfaces() {
...
commandLine = "echo \'" + password + "\' | sudo -kS -p \"\" " + commandLine;
...
if (system(commandLine.c_str()) == 0) {
-Timo
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: https://lists.debian.org/[email protected]
