the cleartext password issue
Avram Dorfman
avram at juniper.net
Sat Jan 12 21:05:50 UTC 2002
Hello Everyone,
I've dealt with rancid-style packages for a while that I home-grew, before rancid came along, so I've faced this annoying clear-text password in a file issue many times before.
One way that I've considered handling it (although never actually implemented) is this:
Encrypt the password file, but rather than storing that key in a file, have a "daemon" process that you have to launch manually, which prompts for it. Then this process would simply keep it in memory, and be responsible for doing all the sensitive stuff.
I never implemented it for two reasons: 1) I couldn't think of a way to still get the scheduling benefits of cron, while having this process be the one that does everything, and 2) if someone hacks into the rancid user's account after an operator has manually launched the daemon, he could still subvert the process by mucking with the config files to direct rancid to login to a trojan horse, and steel the password there. Thus, the limiting factor is still the ability to become the rancid user.
But I thought I'd throw it out there in case anyone else can expand on it for a real solution.
-Avram
More information about the Rancid-discuss
mailing list