Date: Sat, 8 Feb 1997 12:54:42 -0800 (PST) From: John Polstra <jdp> To: CVS-committers, cvs-all, cvs-etc Subject: cvs commit: src/etc daily Message-ID: <199702082054.MAA28580@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
jdp 97/02/08 12:54:41 Modified: etc daily Log: Security fix. Strip the encrypted passwords out of the "master.passwd" diff output, and replace them with "(password)". The diffs get mailed to root, which in many cases is forwarded across the Internet. A patient sniffer could acquire the entire "master.passwd" file by saving all the diffs. With this fix, you still see that the password changed, but you don't see the details. Unless somebody talks me out of it, I am going to merge this into -2.2 in 48 hours. Revision Changes Path 1.22 +2 -1 src/etc/daily
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702082054.MAA28580>