From 17a0ddad0862b9a8113af43345b4997b79a916ed Mon Sep 17 00:00:00 2001 From: Chris Hofstaedtler Date: Tue, 3 Apr 2018 10:37:43 +0200 Subject: [PATCH] dnsdist: warn about -k in /proc/x/cmdline --- pdns/dnsdist.cc | 3 ++- pdns/dnsdistdist/docs/manpages/dnsdist.1.rst | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc index dd116a438..3434f4c18 100644 --- a/pdns/dnsdist.cc +++ b/pdns/dnsdist.cc @@ -2011,7 +2011,8 @@ static void usage() #ifdef HAVE_LIBSODIUM cout<<"-k,--setkey KEY Use KEY for encrypted communication to dnsdist. This\n"; cout<<" is similar to setting setKey in the configuration file.\n"; - cout<<" NOTE: this will leak this key in your shell's history!\n"; + cout<<" NOTE: this will leak this key in your shell's history\n"; + cout<<" and in the systems running process list.\n"; #endif cout<<"--check-config Validate the configuration file and exit. The exit-code\n"; cout<<" reflects the validation, 0 is OK, 1 means an error.\n"; diff --git a/pdns/dnsdistdist/docs/manpages/dnsdist.1.rst b/pdns/dnsdistdist/docs/manpages/dnsdist.1.rst index fab321ff7..41f734323 100644 --- a/pdns/dnsdistdist/docs/manpages/dnsdist.1.rst +++ b/pdns/dnsdistdist/docs/manpages/dnsdist.1.rst @@ -56,8 +56,9 @@ Options -k , --setkey When operating as a client(**-c**, **--client**), use *key* as shared secret to connect to dnsdist. This should be the same key that is used on the server (set with **setKey()**). Note that this - will leak the key into your shell's history. Only available when - dnsdist is compiled with libsodium support. + will leak the key into your shell's history and into the systems + running process list. Only available when dnsdist is compiled with + libsodium support. -e, --execute Connect to dnsdist and execute *command*. -h, --help Display a helpful message and exit. -l, --local
Bind to *address*, Supply as many addresses (using multiple -- 2.40.0