Dne 06. 02. 20 v 19:46 Josef Reidinger napsal(a):
Hi, we need for sure discuss it with security team where are experts for this
topic. Also we should maybe somehow mention that when Y2DEBUG is set to 1, then
it
logs everything including passwords as it logs also on UI layer ( by default not
enabled ).
Maybe save_y2logs could grep the logs for "<0>" and print a warning in that
case.
But I'm not sure if that would slow-down saving the logs, there might be plenty
of
/var/log/YaST2/y2log-*.gz files and that could take some time...
[...]
ability to pass user and chown tarball after calling. So something like
`save_y2logs --user jreidinger` and resulting tarball will be readable by that
user which looks like good compromise. and print warning if it is called without
user specified.
Yes, I was just about to propose something like that.
Just keep in mind that this will not help during installation, there is only
the "root" user (besides some special system accounts). You need to solve that
manually depending on how you get the logs out of the system.
--
Ladislav Slezák
YaST Developer
SUSE LINUX, s.r.o.
Corso IIa
Křižíkova 148/34
18600 Praha 8
--
To unsubscribe, e-mail: yast-devel+unsubscr...@opensuse.org
To contact the owner, e-mail: yast-devel+ow...@opensuse.org
