ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 43941] New: - Security note for sshexec downgrades security
Date Thu, 22 Nov 2007 17:40:07 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43941>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43941

           Summary: Security note for sshexec downgrades security
           Product: Ant
           Version: 1.7.0
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Optional Tasks
        AssignedTo: dev@ant.apache.org
        ReportedBy: lukrez@gmx.at


The security note for the optional task "sshexec" advises to specify login name
and password on the command line:

  Invoke ant with the following command line:
    ant -Dusername=me -Dpassword=mypassword target1 target2

This command line will be visible to users on the same machine who can retrieve
a listing of currently running programs (including their command line) using "ps
-elf", for example.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message