From 71d5ff4391f2c268c5ea795568326a033e495a7d Mon Sep 17 00:00:00 2001 From: Ed Maste Date: Tue, 21 Nov 2017 20:31:54 +0000 Subject: [PATCH] filter all passwords (not only changed) from periodic passwd backup The periodic 200.backup-passwd script outputs any differences it finds in master.passwd, relative to the previous backup. It intends to elide the encrypted password field, but previously did so only for changed lines (i.e., those beginning with - or + in the diff). Apply the sed expression also to unchanged lines to also elide their passwords. PR: 223461 Reported by: Andre Albsmeier MFC after: 2 weeks Sponsored by: The FreeBSD Foundation --- etc/periodic/daily/200.backup-passwd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/periodic/daily/200.backup-passwd b/etc/periodic/daily/200.backup-passwd index aef20c5b70b2..638e227e3ac5 100755 --- a/etc/periodic/daily/200.backup-passwd +++ b/etc/periodic/daily/200.backup-passwd @@ -42,7 +42,7 @@ case "$daily_backup_passwd_enable" in [ $rc -lt 1 ] && rc=1 echo "$host passwd diffs:" diff -uI '^#' $bak/master.passwd.bak /etc/master.passwd |\ - sed 's/^\([-+][^-+:]*\):[^:]*:/\1:(password):/' + sed 's/^\([-+ ][^-+:]*\):[^:]*:/\1:(password):/' mv $bak/master.passwd.bak $bak/master.passwd.bak2 cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 fi