#2986 PR merged: Do not leak the SSH_ROOT_PASSWORD value into the log file
Labels: fixed / solved / done, critical / security / legal
jsmeix opened issue at 2023-05-12 11:31:
Do not leak the SSH_ROOT_PASSWORD value into the log file:
In
    build/default/500_ssh_setup.sh
    rescue/default/500_ssh.sh
    restore/YUM/default/970_set_root_password.sh
    restore/ZYPPER/default/970_set_root_password.sh
run commands that deal with SSH_ROOT_PASSWORD
in a confidential way via
    { confidential_command ; } 2>/dev/null
see https://github.com/rear/rear/issues/2967
By the way, this also fixes ZYPPER_ROOT_PASSWORD and
YUM_ROOT_PASSWORD, see
https://github.com/rear/rear/issues/2967#issuecomment-1545593787
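
Added illustration (not part of the pull request or of ReaR's code): why the `{ confidential_command ; } 2>/dev/null` wrapper named above keeps a value out of a log, assuming the log receives the stderr of a bash script running under `set -x`. The secret, the helper names and the `cat` stand-in for a password-consuming command are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo value, not a real credential.
DEMO_SECRET='constructed-demo-password'

# Run a snippet in a child bash with xtrace on and its stderr captured in a
# temporary "log file" (the assumed logging setup). Prints the log file path.
run_traced() {
    traced_log="$(mktemp)"
    SSH_ROOT_PASSWORD="$DEMO_SECRET" bash -c "set -x; $1" 2>"$traced_log" >/dev/null
    echo "$traced_log"
}

# Number of log lines that contain the secret.
leak_count() {
    grep -c -F -- "$DEMO_SECRET" "$1" || true
}

# Unprotected: xtrace writes the expanded command line to stderr, so the
# password value lands in the log.
unprotected='echo "root:$SSH_ROOT_PASSWORD" | cat >/dev/null'

# Protected: stderr of the whole group is /dev/null while its commands run,
# so the xtrace lines for those commands never reach the log.
protected='{ echo "root:$SSH_ROOT_PASSWORD" | cat >/dev/null ; } 2>/dev/null'

log_unprotected="$(run_traced "$unprotected")"
log_protected="$(run_traced "$protected")"
echo "unprotected: $(leak_count "$log_unprotected") log line(s) contain the secret"
echo "protected:   $(leak_count "$log_protected") log line(s) contain the secret"
rm -f "$log_unprotected" "$log_protected"
```

The same redirection also discards the wrapped command's own error messages, so a failure inside the group has to be detected through its exit status rather than through the log.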
jsmeix commented at 2023-05-12 12:03:
@rear/contributors
I would like to merge it on Monday afternoon
unless there are objections, see also
https://github.com/rear/rear/pull/2985#issuecomment-1545287239
[Export of Github issue for rear/rear.]