Package: openchangeclient
Version: 1:2.2-7
Severity: wishlist

mapiprofile and openchangeclient want the password to be passed on the
command line, which in most systems is visible to other users (e.g. in
"ps aux" output).  It's secure on Linux if /proc is mounted with the
hidepid option, but that's not the default and can break other software.

The programs should have a way to read the password from an environment
variable or a file (possibly a /dev/fd path referring to an unlinked
tmpfs file).

- Michael


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openchangeclient depends on:
ii  libc6          2.19-22
ii  libical1a      1.0.1-0.1
ii  libldb1        2:1.1.20-2
ii  libmagic1      1:5.25-2
ii  libmapi0       1:2.2-7
ii  libmapiadmin0  1:2.2-7
ii  libocpf0       1:2.2-7
ii  libpopt0       1.16-10
ii  libsubunit0    0.0.18-4
ii  libtalloc2     2.1.3-1
ii  libtevent0     0.9.25-2
ii  samba-libs     2:4.1.17+dfsg-4

openchangeclient recommends no packages.

Versions of packages openchangeclient suggests:
ii  perl  5.20.2-6

-- no debconf information
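
A sketch of the behaviour requested above, added here as an illustration and not taken from openchange: the secret is read from a file path (which may be a /dev/fd/N path) or, failing that, from an environment variable, so it never appears in argv. The helper names `read_password_file` and `get_password` and all file and variable names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L   /* for unsetenv() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers for illustration; not part of openchange. */

/* Read one line from `path` (a regular file or a /dev/fd/N path) into buf.
 * Returns 0 on success, -1 on error, empty input or a line that does not fit. */
int read_password_file(const char *path, char *buf, size_t buflen)
{
    FILE *f;
    size_t n;
    int ok, c;

    if (path == NULL || buf == NULL || buflen < 2 || (f = fopen(path, "r")) == NULL)
        return -1;
    setvbuf(f, NULL, _IONBF, 0);          /* keep no stdio copy of the secret */
    ok = fgets(buf, (int)buflen, f) != NULL;
    n = ok ? strlen(buf) : 0;
    /* Full buffer, no newline, and more of the line pending: it was truncated. */
    if (ok && n == buflen - 1 && buf[n - 1] != '\n' &&
        (c = fgetc(f)) != EOF && c != '\n')
        ok = 0;
    fclose(f);
    if (!ok) {
        memset(buf, 0, buflen);           /* do not hand back a partial secret */
        return -1;
    }
    buf[strcspn(buf, "\r\n")] = '\0';     /* strip the line terminator */
    return buf[0] != '\0' ? 0 : -1;
}

/* Prefer the file; otherwise copy the variable and drop it from the
 * environment so that child processes do not inherit the secret. */
int get_password(const char *path, const char *env_name, char *buf, size_t buflen)
{
    const char *v;

    if (path != NULL)
        return read_password_file(path, buf, buflen);
    v = env_name != NULL ? getenv(env_name) : NULL;
    if (v == NULL || v[0] == '\0' || strlen(v) >= buflen)
        return -1;
    strcpy(buf, v);                       /* length was checked just above */
    unsetenv(env_name);
    return 0;
}
```

A caller that opens the secret on descriptor 3 can pass `/dev/fd/3` as the path, so the command line shows only the descriptor path. On Linux the environment of a process is readable through /proc by the same user and root, which is why the file route is tried first.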
