Ross Patterson writes:

> When a user attempts to log in to a remote repository via pserver with the
> wrong password, CVS writes a message to the LOG_AUTHPRIV syslog() facility
> containing the incorrect password. As a bonus, if you're running release
> 1.11.6 or later, I believe it also includes the correct password - we're not
> there yet, but that's the way the src/server.c looks to me.

It includes the *crypted* versions of the entered password and the correct
password, not the plain text. In fact, there's no way to determine the plain
text of the correct password -- the encryption is one-way. And it carefully
avoids logging the plain text of the entered password because the failure
might well be the result of a simple, easily guessed typo.

> I know a proper syslogd setup will send LOG_AUTHPRIV messages to someplace
> secure (e.g. /var/log/secure on Red Hat Linux), but it still seems wrong to
> include either password in the message. Doubly wrong if you're using system
> passwords to secure CVS.

That's the whole point of LOG_AUTHPRIV -- to have a place to log sensitive
information that shouldn't be public, but can be very important for
debugging. I don't know of any system that provides the facility that
doesn't also have it set up securely in the default syslogd configuration.

> Can we please consider suppressing the passwords, at least optionally?

I think you're overreacting; the logged information isn't that sensitive.

-Larry Jones

Hmm... That might not be politic. -- Calvin

_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
