-
-
Notifications
You must be signed in to change notification settings - Fork 350
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
drivers/main.c: storeval() should honour VAR_SENSITIVE and not publish its default/override values #1891
Comments
First, checked the visibility to not be a practical problem for the few variables (
So there is no
Here on one hand, it got exposed; on another - not used (driver treated Same for Practical uses of those existing sensitive values do not pass through the actual dstate, but are queried directly from |
As a side note, NUT variables use a structured (dot-separated) nomenclature. The default/override mechanism effectively allows to dump any string into those lists (e.g. |
The
The method itself has two parts: handles override/default essentially vs. dstate info only (no direct looks into |
…e/default right now [networkupstools#1891] Signed-off-by: Jim Klimov <[email protected]>
In the end, the solution is to do nothing :) Currently those overrides for certain |
…e/default right now [networkupstools#1891] Signed-off-by: Jim Klimov <[email protected]> Signed-off-by: Alex W Baulé <[email protected]>
Moderate security risk - possible credential leak, probably an unrealistic setup is needed to trigger it however.
Inspired by code revision in #1652
The text was updated successfully, but these errors were encountered: