From 721d823daa1a14e911d028a88e8472f08f7c0e27 Mon Sep 17 00:00:00 2001 From: kevans Date: Tue, 11 Feb 2020 06:12:02 +0000 Subject: [PATCH] backup-passwd: mask out all passwords in the diff The previous expression borked if a username had a plus or hyphen in it. This is needlessly restrictive- at leSt a hyphen in the middle is valid. Instead of playing this game, let's just assume the username can't contain a colon and mask out the second field. Submitted by: sigsys gmail com MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D23548 --- usr.sbin/periodic/etc/daily/200.backup-passwd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr.sbin/periodic/etc/daily/200.backup-passwd b/usr.sbin/periodic/etc/daily/200.backup-passwd index 638e227e3ac5..1e9bb8964047 100755 --- a/usr.sbin/periodic/etc/daily/200.backup-passwd +++ b/usr.sbin/periodic/etc/daily/200.backup-passwd @@ -42,7 +42,7 @@ case "$daily_backup_passwd_enable" in [ $rc -lt 1 ] && rc=1 echo "$host passwd diffs:" diff -uI '^#' $bak/master.passwd.bak /etc/master.passwd |\ - sed 's/^\([-+ ][^-+:]*\):[^:]*:/\1:(password):/' + sed 's/^\([-+ ][^:]*\):[^:]*:/\1:(password):/' mv $bak/master.passwd.bak $bak/master.passwd.bak2 cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 fi