Page MenuHomeFreeBSD
Differential D23548

daily/200.backup-passwd periodic script not hiding the password field of certain users
ClosedPublic
Actions

Authored by sigsys_gmail.com on Feb 6 2020, 10:01 PM.
Tags
None
Referenced Files
F151127773: D23548.id68105.diff
Mon, Apr 6, 6:42 AM
Unknown Object (File)
Sat, Apr 4, 9:57 PM
Unknown Object (File)
Wed, Apr 1, 10:29 PM
Unknown Object (File)
Wed, Apr 1, 1:33 AM
Unknown Object (File)
Tue, Mar 24, 8:05 PM
Unknown Object (File)
Tue, Mar 24, 2:29 AM
Unknown Object (File)
Mon, Mar 23, 7:41 AM
Unknown Object (File)
Mon, Mar 23, 5:02 AM
View All Files
Subscribers
imp

Details

Reviewers
None
Group Reviewers
Contributor Reviews (src)
Commits
rS357756: backup-passwd: mask out all passwords in the diff
Summary

The (hashed) password of users with a "+" or "-" in their username is being sent in the periodic emails as-is instead of being replaced by "(password)".

If the intent was to ignore NIS entries, then it should check only the first character. But I think that this is unnecessary, NIS entries follow the same format and the second field either is a password or should be empty.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

sigsys_gmail.com created this revision.Feb 6 2020, 10:01 PM
lwhsu added a reviewer: Contributor Reviews (src).Feb 6 2020, 10:05 PM
This revision was not accepted when it landed; it landed in state Needs Review.Feb 11 2020, 6:12 AM
Closed by commit rS357756: backup-passwd: mask out all passwords in the diff (authored by kevans). · Explain Why
This revision was automatically updated to reflect the committed changes.
kevans added a commit: rS357756: backup-passwd: mask out all passwords in the diff.
Herald added a subscriber: imp. · View Herald TranscriptFeb 11 2020, 6:12 AM

Revision Contents
Changeset List

PathSize
head/
usr.sbin/
periodic/
etc/
daily/
2 lines

Diff 68105

View Options

head/usr.sbin/periodic/etc/daily/200.backup-passwd

Loading...