Security fix. Strip the encrypted passwords out of the "master.passwd"

diff output, and replace them with "(password)". The diffs get mailed to root, which in many cases is forwarded across the Internet. A patient sniffer could acquire the entire "master.passwd" file by saving all the diffs. With this fix, you still see that the password changed, but you don't see the details. Unless somebody talks me out of it, I am going to merge this into -2.2 in 48 hours.
1997-02-08 20:54:38 +00:00 · 1997-02-08 20:54:38 +00:00 · c54bd25952
commit c54bd25952
parent 9e4d6045b8
1 changed files with 2 additions and 1 deletions
--- a/etc/daily
+++ b/etc/daily
@ -81,7 +81,8 @@ if [ ! -f $bak/master.passwd.bak ] ; then
 fi
 if cmp -s $bak/master.passwd.bak /etc/master.passwd; then :; else
 	echo "$host passwd diffs:"
-	diff $bak/master.passwd.bak /etc/master.passwd
+	diff $bak/master.passwd.bak /etc/master.passwd |\
+		sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/'
 	mv $bak/master.passwd.bak $bak/master.passwd.bak2
 	cp -p /etc/master.passwd $bak/master.passwd.bak
 fi