On 13-Nov-01 Robert Watson wrote:
> On Mon, 12 Nov 2001, John Baldwin wrote:
>> What if someone comments out a line in the password file of a user? 
>> Then this won't hide that password.  When this originally went in, it
>> took a long while to get a sed line people were happy with.  Replacing
>> the version number is a minor thing, but getting it to work perfectly
>> may be a bit difficult.  If you do this, I'd rather you make sed handle
>> the $FreeBSD$ case as a completely separate case, so something like: sed
>> -e '/\$FreeBSD\$/; //s/blah blah/blah/' or some such (I forget how sed
>> does multiple expressions). 
> My temptation would actually be to ignore any commented lines in either
> file for the purposes of the diff.  For the purposes of security checking,
> you care mostly about the uncommented lines.  This would allow the script
> to exclude content when it didn't understand its semantics (and hence
> might risk revealing information it wasn't intended to).

So if some (admittedly weird) sysadmin temporarily comments out a password line
then the next day we will broadcast that crypted password in plaintext e-mail?


John Baldwin <[EMAIL PROTECTED]>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to