http://qa.mandrakesoft.com/show_bug.cgi?id=6219
------- Additional Comments From [EMAIL PROTECTED] 2003-05-11 19:16 ------- On Monday 03 November 2003 06:37 am, [gc] wrote: Your right, it's not a huge deal and at the standard security level a normal user cannot view /var/log/messages. So there's no worries there. However, in a more business environment is it normal for a sysadmin to know or find out what a users password maybe? Thanks for taking a look at this. That was the first time I had tried using bugzilla or any method of reporting a bug, so I apologize for the duplication. -- Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. ------- Reminder: ------- assigned_to: [EMAIL PROTECTED] status: RESOLVED creation_date: description: I have the 9.2 rpms on another machine setup for ftp. When I install a program from there rpmdrake shows the users password in /var/log/messages. Here is an example; t 23 10:14:39 sidney rpmdrake[5270]: Installing package ftp://dveatch:[EMAIL PROTECTED]//mnt/pcserver/ml92/Mandrake/RPMS/draksync-9.0-3mdk.noarch.rpm No that's not my real password. Granted only root can view that file but I don't think root should be able to see that info.
