On 13-Nov-01 Robert Watson wrote: > > On Tue, 13 Nov 2001, John Baldwin wrote: > >> > My temptation would actually be to ignore any commented lines in either >> > file for the purposes of the diff. For the purposes of security checking, >> > you care mostly about the uncommented lines. This would allow the script >> > to exclude content when it didn't understand its semantics (and hence >> > might risk revealing information it wasn't intended to). >> >> So if some (admittedly weird) sysadmin temporarily comments out a >> password line then the next day we will broadcast that crypted password >> in plaintext e-mail? > > Not sure I follow. I was suggesting that any line beginning with '#' be > excluded from the diffing, since the script can't know if information in > the comment is sensitive or not, and therefore can't censor it. > > I.e., the conceptual equivilent of: > > grep -v '^#' master.passwd > master.passwd.tmp > grep -v '^#' master.passwd.bak > master.passwd.bak.tmp > diff -u master.passwd.bak master.passwd > > If an entry was commented out, then uncommented, then both events would > show up, just as removal/addition. > > I could be missing something, of course :-).
Oh. Hmm. That could work I suppose... -- John Baldwin <[EMAIL PROTECTED]> <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
