[jboss-jira] [JBoss JIRA] (SECURITY-774) Enable white-space in parameters for external password command
Ivo Studensky (JIRA)
issues at jboss.org
Tue Dec 17 08:14:33 EST 2013
[ https://issues.jboss.org/browse/SECURITY-774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12932047#comment-12932047 ]
Ivo Studensky commented on SECURITY-774:
----------------------------------------
Peter, could you review and commit the attached patch please? Thanks.
> Enable white-space in parameters for external password command
> --------------------------------------------------------------
>
> Key: SECURITY-774
> URL: https://issues.jboss.org/browse/SECURITY-774
> Project: PicketBox
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: JBossSX
> Affects Versions: JBossSecurity_2.0.5.Final
> Reporter: Ivo Studensky
> Assignee: Ivo Studensky
> Fix For: JBossSecurity_2.0.6.Final
>
> Attachments: SECURITY-774.patch
>
>
> This is a backport of SECURITY-771 to the jbosssx 2.0.x branch.
> The original description:
> The current implementation of the loading the external password by a command uses Runtime.exec() which denies to pass a parameter which contains a white-space to the command, see {{\{EXT\}}} in org.jboss.security.Util#loadPassword(String).
> It would be nice to provide a new implementation based on ProcessBuilder.
> For example, various ssh-askpass implementations requires a parameter like 'Enter passphrase for ...'. Without the ability to directly pass such a parameter customers are pushed to create a "script in the middle" which makes their application unnecessarily complicated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list