On 13-Nov-01 Robert Watson wrote:
> 
> On Mon, 12 Nov 2001, John Baldwin wrote:
> 
>> 
>> What if someone comments out a line in the password file of a user? 
>> Then this won't hide that password.  When this originally went in, it
>> took a long while to get a sed line people were happy with.  Replacing
>> the version number is a minor thing, but getting it to work perfectly
>> may be a bit difficult.  If you do this, I'd rather you make sed handle
>> the $FreeBSD$ case as a completely separate case, so something like: sed
>> -e '/\$FreeBSD\$/; //s/blah blah/blah/' or some such (I forget how sed
>> does multiple expressions). 
> 
> My temptation would actually be to ignore any commented lines in either
> file for the purposes of the diff.  For the purposes of security checking,
> you care mostly about the uncommented lines.  This would allow the script
> to exclude content when it didn't understand its semantics (and hence
> might risk revealing information it wasn't intended to).

So if some (admittedly weird) sysadmin temporarily comments out a password line,
then the next day we will broadcast that crypted password in plaintext e-mail?

-- 

John Baldwin <[EMAIL PROTECTED]>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
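The filter the thread is arguing over, as an added example that is not the FreeBSD security script's code and was not posted by anyone in this thread. It assumes a master.passwd-style layout (crypted password in the second colon-separated field), masks that field on every line whether or not the line has been commented out, drops the $FreeBSD$ tag line in both its unexpanded and expanded forms as a separate sed expression, and only then diffs the two copies, so the crypted password of a temporarily commented-out user never reaches the mailed report. The sample files, user names and hashes are constructed.

```shell
#!/bin/sh
# Added example, not from this thread or from FreeBSD's periodic security
# scripts: scrub both copies of a password file before diffing them, so that
# a user line a sysadmin commented out yesterday (which still carries its
# crypted password) cannot be broadcast in the daily security e-mail.

# Print the lines the check cares about, with every password field masked.
# Expression 1 drops the $FreeBSD$ tag line, unexpanded ("$FreeBSD$") or
# expanded ("$FreeBSD: ... $"), as its own case so version bumps stay quiet.
# Expression 2 masks field two on every remaining line; the leading field is
# "[^:]*", so "#alice:hash:..." is masked exactly like "alice:hash:...".
filter_passwd() {
    sed -e '/^#[[:space:]]*\$FreeBSD[:$]/d' \
        -e 's/^\([^:]*\):[^:]*:/\1:(password):/' "$1"
}

# Diff the scrubbed views of the previous and current file.
# Exit status is diff's own: 0 when nothing relevant changed, 1 when it did.
passwd_diff() {
    old=$(mktemp) && new=$(mktemp) || return 2
    filter_passwd "$1" > "$old"
    filter_passwd "$2" > "$new"
    if diff "$old" "$new"; then status=0; else status=$?; fi
    rm -f "$old" "$new"
    return $status
}

# Constructed sample files (the hashes are placeholders, not real crypts).
# Yesterday: alice is active. Today: alice's line was commented out and the
# $FreeBSD$ tag has been expanded.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
cat > "$workdir/passwd.yesterday" <<'EOF'
# $FreeBSD$
root:$1$CONSTRUCTED$NOTAREALHASH:0:0::0:0:Charlie &:/root:/bin/csh
alice:$1$CONSTRUCTED$NOTAREALHASH:1001:1001::0:0:Alice:/home/alice:/bin/sh
EOF
cat > "$workdir/passwd.today" <<'EOF'
# $FreeBSD: constructed placeholder tag $
root:$1$CONSTRUCTED$NOTAREALHASH:0:0::0:0:Charlie &:/root:/bin/csh
#alice:$1$CONSTRUCTED$NOTAREALHASH:1001:1001::0:0:Alice:/home/alice:/bin/sh
EOF

# What the report would contain: the alice line shows up as commented out,
# with "(password)" in place of the hash on both sides of the diff.
if passwd_diff "$workdir/passwd.yesterday" "$workdir/passwd.today"; then
    echo "no password file changes"
else
    echo "(report above is what would be mailed; no crypted password in it)"
fi
```

Masking before dropping anything means the script never has to understand the semantics of an odd line to keep it safe, which addresses the concern raised about excluding content the script does not understand: a commented-out entry still appears in the diff as a change, but only in its masked form.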
