[Libosinfo] [libosinfo PATCH 0/2] Do not expose user & admin password in the command line

Fabiano Fidêncio Fri, 05 Jul 2019 01:28:23 -0700

Those two patches introduce a fix for a low impact CVE where both user
& admin password would be passed to the osinfo-install-script via
command line.


In order to avoid doing so, let's introduce a --config-file and error
out whenever a password is passed via --config.

Fabiano Fidêncio (2):
  tools,install-script: Add --config-file (-f) option
  tools,install-script: Do not accept user & admin password via --config

 tools/osinfo-install-script.c | 111 +++++++++++++++++++++++++++++++++-
 1 file changed, 108 insertions(+), 3 deletions(-)

-- 
2.21.0

_______________________________________________
Libosinfo mailing list
Libosinfo@redhat.com
https://www.redhat.com/mailman/listinfo/libosinfo

[Libosinfo] [libosinfo PATCH 0/2] Do not expose user & admin password in the command line

Reply via email to