Hiding Passwords in Debug Output

Michael Lecuyer mjl at theorem.com
Fri Sep 22 19:44:48 CEST 2006


Debugging output is always a security exposure. Secure debugging 
wouldn't be all that helpful to the debugging process, especially as 
seeing the plain text password may be the difference between solving a 
problem or not.

Perhaps 'redacted' debugging output is what you're after (for posting to 
the mailing list). Perhaps you could add a radiusd flag for that and 
change the debugging output accordingly.

Garber, Neal wrote:
> I understand that it is sometimes useful to display the plain-text 
> password in the debug output; however, I consider this a security 
> exposure.  I’d like to see a configuration option (e.g., 
> debug_show_passwords or something similar) with a default of no, that 
> when set to false/no would write “********” instead of a plain-text 
> password in debug output.  Currently, modules rlm_ldap, rlm_pap, and 
> perhaps others write the plain-text password in debug output.
> 
> Your thoughts?
> 
> Neal
> 
> 
> ------------------------------------------------------------------------
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

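The option Neal proposes, as an added example that is not part of this message and is not FreeRADIUS code: a debug formatter that honours a debug_show_passwords switch (off by default, so secret attribute values print as "********"), plus the "redacted output for posting" variant Michael mentions, done as a filter over an already-captured debug line. The option name is taken from Neal's proposal; the list of secret attributes, the case-insensitive name match and the "<tab>Name = "value"" line shape are assumptions made for the example, as are the sample pairs.

```c
/*
 * Added example (not FreeRADIUS code): a debug formatter that honours the
 * debug_show_passwords option proposed in this thread, plus a line filter
 * for redacting an existing debug log before posting it to the list.
 * The option name, the list of secret attributes and the
 * "<tab>Name = "value"" line shape are assumptions made for the example.
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical runtime copy of the proposed config option. Default 0: redact. */
int debug_show_passwords = 0;

/* Attributes whose values are secrets. A real implementation would key on
 * dictionary flags rather than a name list; this list is an assumption. */
static const char *const secret_attrs[] = {
    "User-Password", "CHAP-Password", "Tunnel-Password",
    "Cleartext-Password", "NT-Password", "LM-Password", NULL
};

/* Case-insensitive name comparison (attribute names are case-insensitive). */
static int name_eq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

static int is_secret_attr(const char *name)
{
    for (const char *const *p = secret_attrs; *p; p++)
        if (name_eq(name, *p))
            return 1;
    return 0;
}

/* Format one attribute-value pair for debug output as   <tab>Name = "value"
 * Secret values become "********" unless debug_show_passwords is set.
 * Returns the length written, or -1 if the buffer was too small. */
int debug_format_pair(char *out, size_t outlen,
                      const char *name, const char *value)
{
    const char *shown = value;
    int n;

    if (is_secret_attr(name) && !debug_show_passwords)
        shown = "********";
    n = snprintf(out, outlen, "\t%s = \"%s\"", name, shown);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Post-process an already-written debug line so it can be posted publicly:
 * if it has the shape   Name = "value"   and Name is a secret attribute,
 * the value is replaced; any other line is copied unchanged.
 * Returns the length written, or -1 if the buffer was too small. */
int redact_debug_line(const char *line, char *out, size_t outlen)
{
    const char *start = line;
    const char *eq, *end;
    int n;

    while (*start == ' ' || *start == '\t')
        start++;
    eq = strstr(start, " = \"");                 /* start of  = "value"  */
    end = eq ? strrchr(eq + 4, '"') : NULL;      /* closing quote        */

    if (eq && end && eq > start && (size_t)(eq - start) < 64) {
        char name[64];
        memcpy(name, start, (size_t)(eq - start));
        name[eq - start] = '\0';
        if (is_secret_attr(name)) {
            n = snprintf(out, outlen, "%.*s = \"********\"%s",
                         (int)(eq - line), line, end + 1);
            return (n < 0 || (size_t)n >= outlen) ? -1 : n;
        }
    }
    n = snprintf(out, outlen, "%s", line);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    /* Constructed sample pairs, as they might appear in an Access-Request. */
    const char *names[]  = { "User-Name", "User-Password", "NAS-IP-Address" };
    const char *values[] = { "neal",      "hunter2",       "192.0.2.10" };
    char buf[128];
    int i;

    for (i = 0; i < 3; i++)
        if (debug_format_pair(buf, sizeof buf, names[i], values[i]) > 0)
            puts(buf);

    /* Scrubbing a captured line before posting it to the list. */
    if (redact_debug_line("\tUser-Password = \"hunter2\"", buf, sizeof buf) > 0)
        puts(buf);
    return 0;
}
```

The two functions cover the two positions in the thread: the formatter is what a config option would change inside the server, while the line filter is what someone would run over an existing -X log before pasting it into a mail, with no server change at all. Keying redaction on a fixed name list is the weak spot; a real implementation should mark secret attributes in the dictionary so new password-carrying attributes are covered automatically.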