You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ant.apache.org by bu...@apache.org on 2007/11/22 18:40:07 UTC

DO NOT REPLY [Bug 43941] New: - Security note for sshexec downgrades security

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43941>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43941

           Summary: Security note for sshexec downgrades security
           Product: Ant
           Version: 1.7.0
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Optional Tasks
        AssignedTo: dev@ant.apache.org
        ReportedBy: lukrez@gmx.at


The security note for the optional task "sshexec" advises to specify login name
and password on the command line:

  Invoke ant with the following command line:
    ant -Dusername=me -Dpassword=mypassword target1 target2

This command line will be visible to users on the same machine who can retrieve
a listing of currently running programs (including their command line) using "ps
-elf", for example.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org

DO NOT REPLY [Bug 43941] - Security note for sshexec downgrades security

Posted by bu...@apache.org.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43941>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43941


bodewig@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|dev@ant.apache.org          |notifications@ant.apache.org




-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org