From owner-cvs-etc Sat Feb 8 12:54:44 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA28588 for cvs-etc-outgoing; Sat, 8 Feb 1997 12:54:44 -0800 (PST)
Received: (from jdp@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA28580; Sat, 8 Feb 1997 12:54:42 -0800 (PST)
Date: Sat, 8 Feb 1997 12:54:42 -0800 (PST)
From: John Polstra
Message-Id: <199702082054.MAA28580@freefall.freebsd.org>
To: CVS-committers, cvs-all, cvs-etc
Subject: cvs commit: src/etc daily
Sender: owner-cvs-etc@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

jdp         97/02/08 12:54:41

  Modified:    etc       daily
  Log:
  Security fix. Strip the encrypted passwords out of the "master.passwd"
  diff output, and replace them with "(password)". The diffs get mailed
  to root, which in many cases is forwarded across the Internet. A
  patient sniffer could acquire the entire "master.passwd" file by saving
  all the diffs. With this fix, you still see that the password changed,
  but you don't see the details.

  Unless somebody talks me out of it, I am going to merge this into -2.2
  in 48 hours.

  Revision  Changes    Path
  1.22      +2 -1      src/etc/daily
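
The redaction described in the log message, sketched as an added example; it is not the code from revision 1.22 of src/etc/daily, which this page does not show. The function names and the two sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the FreeBSD commit's code: hide the hash field of
# master.passwd lines in diff output before that diff is mailed.

# Filter: stdin is diff output, stdout is the same diff with field 2 of
# every passwd line replaced by the literal "(password)".
# Covers normal diff ("< ", "> ") and unified diff ("+", "-", and " "
# context lines, which carry hashes too). Unified file headers
# ("--- ", "+++ ") are passed through untouched.
redact_passwd_diff() {
    sed -E \
        -e '/^(---|\+\+\+) /b' \
        -e 's/^([<>] |[-+ ])([^:]*):[^:]*:/\1\2:(password):/'
}

# Diff two snapshots and redact the result. diff exits 1 when the files
# differ; the pipeline's status is sed's, so callers see 0.
passwd_diff_redacted() {
    diff "$1" "$2" | redact_passwd_diff
}

# Constructed sample data: two snapshots in which only alice's hash
# changes. The hash strings are made up.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:$1$CONSTRUCTED$rootrootrootroot:0:0::0:0:Charlie &:/root:/bin/csh' \
        'alice:$1$CONSTRUCTED$oldoldoldoldold:1001:1001::0:0:Alice:/home/alice:/bin/sh' \
        > "$d/old"
    printf '%s\n' \
        'root:$1$CONSTRUCTED$rootrootrootroot:0:0::0:0:Charlie &:/root:/bin/csh' \
        'alice:$1$CONSTRUCTED$newnewnewnewnew:1001:1001::0:0:Alice:/home/alice:/bin/sh' \
        > "$d/new"
    passwd_diff_redacted "$d/old" "$d/new"
    rm -rf "$d"
}

demo
```

In the demo output the `<` and `>` lines for alice are identical after redaction, yet the `2c2` change marker remains, so the reader of the mail learns that the entry changed without seeing either hash.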