johnae/sambal

Password is passed to smbclient via plaintext on the command line

kylophone opened this issue · 3 comments

When opening a new sambal connection, the password is leaked into the process table and is visible to anybody running ps on the server.

This might be possible to fix by using the pty driver for password input instead. Don't have much time myself I'm afraid.

smbclient also lets you supply creds via a file as well; that could be an option. Also, maybe passing it via an environment variable could work?

Possibly. Patches are welcome. Unfortunately I don't do much (or any) Ruby development anymore and I don't generally use smb either so I'm not that involved in this project.
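
The credentials-file option raised in the comments, as an added Ruby example (not sambal's code and not written by any participant in this thread): it writes an smbclient authentication file readable only by its owner and builds an argv that uses smbclient's `-A` option, so the password never appears in the process table. The helper names, share path and credentials are hypothetical.

```ruby
require "tempfile"

# Write an authentication file in the format smbclient(1) documents for -A:
#   username = <value> / password = <value> / domain = <value>
# Tempfile creates the file with mode 0600, so other local users cannot read it.
def write_smb_auth_file(username:, password:, domain: nil)
  [username, password, domain].compact.each do |value|
    # A line break would let one value inject another key into the file.
    raise ArgumentError, "credential contains a line break" if value.match?(/[\r\n]/)
  end
  file = Tempfile.new("smbauth")
  file.write("username = #{username}\n")
  file.write("password = #{password}\n")
  file.write("domain = #{domain}\n") if domain
  file.flush
  file
end

# Build the argument vector. Only the path of the auth file is on the
# command line, which is all that `ps` can show to other users.
def smbclient_argv(share:, auth_path:, command: nil)
  argv = ["smbclient", share, "-A", auth_path]
  argv += ["-c", command] if command
  argv
end

# Yield the argv (and auth file path) to the caller, who would hand it to
# PTY.spawn or Process.spawn, then unlink the auth file whatever happens.
def with_smbclient_argv(share:, username:, password:, domain: nil, command: nil)
  auth = write_smb_auth_file(username: username, password: password, domain: domain)
  yield smbclient_argv(share: share, auth_path: auth.path, command: command), auth.path
ensure
  auth&.close!
end

# Constructed sample values; smbclient is not executed, the argv is only printed.
with_smbclient_argv(share: "//fileserver.example/share", username: "alice",
                    password: "pw-constructed", command: "ls") do |argv, _path|
  puts argv.inspect
end
```

The auth file exists only for the duration of the block, so the child process has to be spawned and has to read the file before the block returns.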