Closed GoogleCodeExporter closed 9 years ago
I realized later that you can work around this by using the /etc/passwd-s3fs
file. Feel free to close this out.
Original comment by warbirdc...@gmail.com
on 17 Jun 2010 at 4:33
This appears to be a security hole. I researched this a little bit and could
not find how to prevent the process table from picking up the command line
options. (one way was to use a wrapper, ugly).
An easy way to plug this hole to is to force the usage of a password file. Of
course, not every user has write access to /etc/passwd-s3fs, so providing a
default location in the user's home directory is an option as well as providing
a command line option to specify the location of the file.
Any other ideas?
Original comment by dmoore4...@gmail.com
on 21 Oct 2010 at 4:05
Mainly a question for Randy and Adrian: How do you feel about closing this
security hole but removing the command line options that specify the keys?
There are now several other ways for non-privileged users to specify
credentials without exposing them.
Original comment by dmoore4...@gmail.com
on 8 Nov 2010 at 4:01
Original comment by dmoore4...@gmail.com
on 20 Nov 2010 at 6:09
This issue was closed by revision r243.
Original comment by dmoore4...@gmail.com
on 21 Nov 2010 at 1:30
Original issue reported on code.google.com by
warbirdc...@gmail.com
on 17 Jun 2010 at 2:42