Date:      Tue, 13 Nov 2001 16:51:42 -0500 (EST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        John Baldwin <jhb@FreeBSD.org>
Cc:        "Crist J. Clark" <cristjc@earthlink.net>, current@FreeBSD.org, Alexander Leidinger <Alexander@Leidinger.net>
Subject:   Re: daily run output & passwd diff
Message-ID:  <Pine.NEB.3.96L.1011113165017.54003A-100000@fledge.watson.org>
In-Reply-To: <XFMail.011112080837.jhb@FreeBSD.org>


On Mon, 12 Nov 2001, John Baldwin wrote:

> 
> What if someone comments out a line in the password file of a user? 
> Then this won't hide that password.  When this originally went in, it
> took a long while to get a sed line people were happy with.  Replacing
> the version number is a minor thing, but getting it to work perfectly
> may be a bit difficult.  If you do this, I'd rather you make sed handle
> the $FreeBSD$ case as a completely separate case, so something like: sed
> -e '/\$FreeBSD\$/; //s/blah blah/blah/' or some such (I forget how sed
> does multiple expressions). 

My temptation would actually be to ignore any commented lines in either
file for the purposes of the diff.  For the purposes of security checking,
you care mostly about the uncommented lines.  This would allow the script
to exclude content when it didn't understand its semantics (and hence
might risk revealing information it wasn't intended to).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services
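
Added example, not part of the original message and not the FreeBSD periodic script: one way to build the diff described above, where commented lines are dropped from both files and anything the filter cannot parse is replaced rather than shown. The function names, the "(password)" and "(unparsed line)" placeholders and the sample data are assumptions made for illustration; the ten-field layout is that of master.passwd(5).

```sh
#!/bin/sh
# Added example; all account data below is constructed.

# sanitize FILE: print a master.passwd-style file in a form safe to mail out.
sanitize() {
    awk -F: -v OFS=: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comment or blank: ignore
        NF != 10 { print "(unparsed line)"; next }   # unknown layout: show nothing
        { $2 = "(password)"; print }                 # field 2 holds the hash
    ' "$1"
}

# passwd_diff OLD NEW: diff the sanitized views; exit status is that of diff(1).
passwd_diff() {
    pd_old=$(mktemp) && pd_new=$(mktemp) || return 2
    sanitize "$1" > "$pd_old"
    sanitize "$2" > "$pd_new"
    pd_rc=0
    diff "$pd_old" "$pd_new" || pd_rc=$?
    rm -f "$pd_old" "$pd_new"
    return "$pd_rc"
}

# Constructed sample: yesterday's backup and today's file.
demo_dir=$(mktemp -d)
cat > "$demo_dir/old" <<'EOF'
# $FreeBSD$
root:$1$CONSTRUCTED$hashA:0:0::0:0:Charlie &:/root:/bin/csh
alice:$1$CONSTRUCTED$hashB:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$1$CONSTRUCTED$hashC:1002:1002::0:0:Bob:/home/bob:/bin/sh
EOF
cat > "$demo_dir/new" <<'EOF'
# $FreeBSD$ (constructed: header comment changed)
root:$1$CONSTRUCTED$hashA:0:0::0:0:Charlie &:/root:/bin/csh
alice:$1$CONSTRUCTED$hashX:1001:1001::0:0:Alice:/home/alice:/bin/sh
#bob:$1$CONSTRUCTED$hashC:1002:1002::0:0:Bob:/home/bob:/bin/sh
mallory:$1$CONSTRUCTED$hashD:0:0::0:0:Mallory:/root:/bin/sh
carol:$1$CONSTRUCTED$hashE
EOF

# The report shows bob removed, mallory (uid 0) added and one unparsed line;
# no hash, no comment text and no change to the version header appears.
passwd_diff "$demo_dir/old" "$demo_dir/new" || :
```

Because field 2 is masked in both views, a line whose only change is the hash (alice here) produces no diff output.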


