Date:      Tue, 13 Nov 2001 14:31:48 -0800 (PST)
From:      John Baldwin <jhb@FreeBSD.org>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        "Crist J. Clark" <cristjc@earthlink.net>, current@FreeBSD.org, Alexander Leidinger <Alexander@Leidinger.net>
Subject:   Re: daily run output & passwd diff
Message-ID:  <XFMail.011113143148.jhb@FreeBSD.org>
In-Reply-To: <Pine.NEB.3.96L.1011113172509.55075A-100000@fledge.watson.org>


On 13-Nov-01 Robert Watson wrote:
> 
> On Tue, 13 Nov 2001, John Baldwin wrote:
> 
>> > My temptation would actually be to ignore any commented lines in either
>> > file for the purposes of the diff.  For the purposes of security checking,
>> > you care mostly about the uncommented lines.  This would allow the script
>> > to exclude content when it didn't understand its semantics (and hence
>> > might risk revealing information it wasn't intended to).
>> 
>> So if some (admittedly weird) sysadmin temporarily comments out a
>> password line then the next day we will broadcast that crypted password
>> in plaintext e-mail? 
> 
> Not sure I follow.  I was suggesting that any line beginning with '#' be
> excluded from the diffing, since the script can't know if information in
> the comment is sensitive or not, and therefore can't censor it.
> 
> I.e., the conceptual equivalent of:
> 
> grep -v '^#' master.passwd > master.passwd.tmp
> grep -v '^#' master.passwd.bak > master.passwd.bak.tmp
> diff -u master.passwd.bak.tmp master.passwd.tmp
> 
> If an entry was commented out, then uncommented, then both events would
> show up, just as removal/addition.
> 
> I could be missing something, of course :-).

Oh.  Hmm.  That could work I suppose...

-- 

John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/

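The comment-blind diff proposed in this thread, as an added example that is not part of the original messages and not FreeBSD's own periodic script: both snapshots are filtered before diffing, so a commented-out entry shows up only as a removal and its later restoration as an addition. The function names, the masking of field 2 and the sample files are assumptions of this example; the `CONSTRUCTED_HASH_*` values are placeholders.

```shell
#!/bin/sh
# Added example: comment-blind, hash-masked diff of master.passwd snapshots.

# Skip lines starting with '#' (same effect as grep -v '^#'), then blank
# field 2. The masking step is this example's assumption, not from the thread.
filter_passwd() {
    awk -F: 'BEGIN { OFS = ":" }
        /^#/   { next }
        NF > 1 { $2 = "(password)" }
               { print }' "$1"
}

# Print a unified diff of the two filtered files, without the file headers.
# diff exits 1 when the inputs differ, so that status is deliberately ignored.
passwd_diff() {
    old_tmp=$(mktemp) || return 2
    new_tmp=$(mktemp) || { rm -f "$old_tmp"; return 2; }
    filter_passwd "$1" > "$old_tmp"
    filter_passwd "$2" > "$new_tmp"
    diff -u "$old_tmp" "$new_tmp" | sed '1,2d' || true
    rm -f "$old_tmp" "$new_tmp"
}

# Constructed snapshots: alice is active, then commented out, then restored.
# CONSTRUCTED_HASH_* are placeholders, not real crypt(3) output.
make_samples() {
    printf '%s\n' '# local accounts' \
        'root:CONSTRUCTED_HASH_ROOT:0:0::0:0:Charlie &:/root:/bin/csh' \
        'alice:CONSTRUCTED_HASH_ALICE:1001:1001::0:0:Alice:/home/alice:/bin/sh' > "$1/day1"
    sed 's/^alice:/#alice:/' "$1/day1" > "$1/day2"
    cp "$1/day1" "$1/day3"
}

samples=$(mktemp -d)
make_samples "$samples"
echo "day1 -> day2 (entry commented out):"
passwd_diff "$samples/day1" "$samples/day2"
echo "day2 -> day3 (entry uncommented):"
passwd_diff "$samples/day2" "$samples/day3"
rm -rf "$samples"
```

Because the comment line is dropped before the diff, the hash inside `#alice:...` never reaches the mailed report, which is the exposure the thread is concerned with.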