From: Chris Hofstaedtler Date: Tue, 3 Apr 2018 08:37:43 +0000 (+0200) Subject: dnsdist: warn about -k in /proc/x/cmdline X-Git-Tag: dnsdist-1.3.1~181^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=17a0ddad0862b9a8113af43345b4997b79a916ed;p=thirdparty%2Fpdns.git dnsdist: warn about -k in /proc/x/cmdline --- diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc index dd116a4388..3434f4c182 100644 --- a/pdns/dnsdist.cc +++ b/pdns/dnsdist.cc @@ -2011,7 +2011,8 @@ static void usage() #ifdef HAVE_LIBSODIUM cout<<"-k,--setkey KEY Use KEY for encrypted communication to dnsdist. This\n"; cout<<" is similar to setting setKey in the configuration file.\n"; - cout<<" NOTE: this will leak this key in your shell's history!\n"; + cout<<" NOTE: this will leak this key in your shell's history\n"; + cout<<" and in the systems running process list.\n"; #endif cout<<"--check-config Validate the configuration file and exit. The exit-code\n"; cout<<" reflects the validation, 0 is OK, 1 means an error.\n"; diff --git a/pdns/dnsdistdist/docs/manpages/dnsdist.1.rst b/pdns/dnsdistdist/docs/manpages/dnsdist.1.rst index fab321ff7e..41f7343238 100644 --- a/pdns/dnsdistdist/docs/manpages/dnsdist.1.rst +++ b/pdns/dnsdistdist/docs/manpages/dnsdist.1.rst @@ -56,8 +56,9 @@ Options -k , --setkey When operating as a client(**-c**, **--client**), use *key* as shared secret to connect to dnsdist. This should be the same key that is used on the server (set with **setKey()**). Note that this - will leak the key into your shell's history. Only available when - dnsdist is compiled with libsodium support. + will leak the key into your shell's history and into the systems + running process list. Only available when dnsdist is compiled with + libsodium support. -e, --execute Connect to dnsdist and execute *command*. -h, --help Display a helpful message and exit. -l, --local
Bind to *address*, Supply as many addresses (using multiple