On Mon, 12 Nov 2001, John Baldwin wrote:

> What if someone comments out a line in the password file of a user? 
> Then this won't hide that password.  When this originally went in, it
> took a long while to get a sed line people were happy with.  Replacing
> the version number is a minor thing, but getting it to work perfectly
> may be a bit difficult.  If you do this, I'd rather you make sed handle
> the $FreeBSD$ case as a completely separate case, so something like: sed
> -e '/\$FreeBSD\$/; //s/blah blah/blah/' or some such (I forget how sed
> does multiple expressions). 

My temptation would actually be to ignore any commented lines in either
file for the purposes of the diff.  For the purposes of security checking,
you care mostly about the uncommented lines.  This would allow the script
to exclude content when it didn't understand its semantics (and hence
might risk revealing information it wasn't intended to).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
[EMAIL PROTECTED]      NAI Labs, Safeport Network Services

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to