Bug#402644: My patch for this bug
What do you think about making the the /var/log/fai directory read only for root and the group adm? IMO this would fix the security problem. - regards Thomas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402644: My patch for this bug
save_log_local() { ... ... mkdir -p $thislog cp -a $LOGDIR/* $thislog + if [ $verbose -eq 1 ] + then + grep -v rootpw= $LOGDIR/fai.log $thislog/fai.log + fi ln -snf $HOSTNAME $logbase/localhost ln -snf $FAI_ACTION-$FAI_RUNDATE $logbase/$HOSTNAME/last-$FAI_ACTION ... ... } -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402644: My patch for this bug
I agree that we do not need the hash in the local log files. I wonder if it's a bug or a feature that we copy the hash (md5 by default) of the rootpw to the remote location. This fix may not be complete (depending on bug or feature that it's copied to remote), since fai-savelog copies from $LOGDIR when doing the remote copy and only $thislog/fai.log was cleaned up. -- regards Thomas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]