Bug 15289 - password redaction in samba-tool proc title is broken
Summary: password redaction in samba-tool proc title is broken
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Python (show other bugs)
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Douglas Bagnall
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-01-20 05:52 UTC by Douglas Bagnall
Modified: 2023-03-09 20:18 UTC (History)
CC List: 0 users

See Also:


Attachments

Description Douglas Bagnall 2023-01-20 05:52:30 UTC
Samba-tool tries to redact --password arguments from the command line, which it currently does by trying to replace the --password=secret123 argument with the exact string "--password=xxx". Unfortunately it does this using a regular expression that includes the password:

 pass_opt_re_str = "(.*[ ]+)(%s[= ]%s)([ ]*.*)" % (opt_str, secret_data)

and if the password contains a character like '(', which breaks the regex, samba-tool will fail with a long stack trace. If your password happens to contain some clever pathological backtracking regex, it will be slow. Also, if your password is actually "xxx" it will not be successfully redacted.

This was reported at https://bugs.launchpad.net/bugs/2002949 by Renaud Miel,
and brought to the attention of the Samba team by Seth Arnold of Canonical.
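The following is an added illustration, not code from Samba and not part of this bug report. It reconstructs the quoted regex pattern in a small function to show how a password containing '(' makes re.compile() fail before any redaction happens, and sets a token-based alternative beside it that never interpolates the secret into a pattern at all. The function and option names (redact_with_regex, redact_argv, the opt_names parameter) and the sample command lines are assumptions made for this example; the option list is generalised beyond the single --password case the report describes.

```python
import re

# Constructed sample argv, modelled on a samba-tool invocation (not taken from
# the bug report). The password deliberately contains a regex metacharacter.
SAMPLE_ARGV = ["samba-tool", "user", "create", "alice",
               "--password=sec(ret", "-U", "admin"]


def redact_with_regex(cmdline, opt_str, secret_data):
    """Rebuild the pattern quoted in the report, with the secret interpolated.

    Because secret_data is pasted into the regex unescaped, any metacharacter
    in the password changes the pattern: '(' leaves a group unclosed and
    re.compile() raises re.error, and a nested quantifier such as '(a+)+' can
    make matching catastrophically slow. re.escape() would remove both
    problems, but the cleaner fix is to stop depending on the secret (below).
    """
    pass_opt_re_str = "(.*[ ]+)(%s[= ]%s)([ ]*.*)" % (opt_str, secret_data)
    pass_opt_re = re.compile(pass_opt_re_str)       # may raise re.error
    return pass_opt_re.sub(r"\1%s=xxx\3" % opt_str, cmdline)


def redact_argv(argv, opt_names=("--password",)):
    """Redact secrets by walking argv tokens; the secret's value is never read.

    Handles both "--password=secret" and "--password secret". A password of
    "xxx", or one full of metacharacters, is treated like any other value.
    opt_names is an assumed parameter so that further secret-carrying options
    can be listed; the report itself only mentions --password.
    """
    out = []
    redact_next = False
    for arg in argv:
        if redact_next:
            out.append("xxx")
            redact_next = False
        elif arg in opt_names:
            out.append(arg)          # value follows as the next token
            redact_next = True
        elif any(arg.startswith(name + "=") for name in opt_names):
            out.append(arg.split("=", 1)[0] + "=xxx")
        else:
            out.append(arg)
    return out


def compare(argv, secret):
    """Run both approaches on the same command line.

    Returns (regex_result, token_result); regex_result is an "re.error: ..."
    string when the interpolated pattern does not even compile.
    """
    cmdline = " ".join(argv)
    try:
        regex_result = redact_with_regex(cmdline, "--password", secret)
    except re.error as exc:
        regex_result = "re.error: %s" % exc
    return regex_result, " ".join(redact_argv(argv))


if __name__ == "__main__":
    for pw in ("secret123", "sec(ret", "xxx"):
        argv = list(SAMPLE_ARGV)
        argv[4] = "--password=" + pw
        regex_result, token_result = compare(argv, pw)
        print("password %-10r regex: %s" % (pw, regex_result))
        print("%-20s tokens: %s" % ("", token_result))
```

Running the script shows the regex approach redacting "secret123" correctly, failing with re.error for "sec(ret", and leaving a password of "xxx" indistinguishable from a redacted one, while the token walk produces "--password=xxx" in every case without ever comparing against the secret.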
Comment 1 Douglas Bagnall 2023-01-20 06:14:45 UTC
This is not a security concern. Even if an attacker can convince you to use a problematic password (perhaps with "must include special characters"), it only really denies you access to an inherently insecure usage. Don't use --password.
Comment 2 Demi Marie Obenour 2023-03-06 00:22:40 UTC
(In reply to Douglas Bagnall from comment #1)
Time to rip out `--password`?
Comment 3 Andrew Bartlett 2023-03-06 02:12:12 UTC
(In reply to Demi Marie Obenour from comment #2)
This is used extensively in our selftest system, and regardless we don't remove existing functionality like this.
Comment 4 Douglas Bagnall 2023-03-09 20:18:56 UTC
https://gitlab.com/samba-team/samba/-/merge_requests/2902 is the related MR.