Closed
Description
Assuming a scenario where the password is entered interactively on stdin.
- The password is passed to restic in an environment variable. This means it is readable to other processes by the same user (https://security.stackexchange.com/questions/14000/environment-variable-accessibility-in-linux/14009#14009, https://restic.readthedocs.io/en/stable/faq.html#how-can-i-specify-encryption-passwords-automatically)
- The password is logged to
~/.local/share/redu/logs/*.log, as part of the command line:15:03:35 [INFO] redu::restic: running "RESTIC_PASSWORD="secret password" "restic" "--repo" "sftp:some-host:some/path" "--json" " cat" "config"" (pid 29773)
In $PR you will find a fix by passing the password using stdin.
In addition, users should be informed.
Would it be a good idea to automatically remove/rewrite existing log files containing passwords?