Bug 233011

Summary: daily/200.backup-passwd periodic script: hide password of usernames containing a dash character
Product: Base System
Reporter: sigsys
Component: conf
Assignee: freebsd-bugs (Nobody) <bugs>
Status: New ---
Severity: Affects Some People
Keywords: patch
Priority: ---    
Version: 11.2-STABLE   
Hardware: Any   
OS: Any   

Description sigsys 2018-11-06 02:48:41 UTC
Usernames with a dash in them do not match the sed regex used to hide the passwords.  AFAIK it should not be necessary to treat "-" and "+" specially at all there.  If there are NIS lines, they either shouldn't have a second field, or the second field may also be a password.

diff --git a/usr.sbin/periodic/etc/daily/200.backup-passwd b/usr.sbin/periodic/etc/daily/200.backup-passwd
index 638e227e3ac..1e9bb896404 100755
--- a/usr.sbin/periodic/etc/daily/200.backup-passwd
+++ b/usr.sbin/periodic/etc/daily/200.backup-passwd
@@ -42,7 +42,7 @@ case "$daily_backup_passwd_enable" in
 		[ $rc -lt 1 ] && rc=1
 		echo "$host passwd diffs:"
 		diff -uI '^#' $bak/master.passwd.bak /etc/master.passwd |\
-			sed 's/^\([-+ ][^-+:]*\):[^:]*:/\1:(password):/'
+			sed 's/^\([-+ ][^:]*\):[^:]*:/\1:(password):/'
 		mv $bak/master.passwd.bak $bak/master.passwd.bak2
 		cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
 	    fi
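
Review bot: Widening [^-+:]* to [^:]* on the sed line makes the substitution also match the two file header lines that diff -u prints, because their timestamps contain colons. A header of the form "--- <file> <date> HH:MM:SS ..." starts with "-" and has no colon before the time field, so the minutes field is rewritten and the line comes out as "... HH:(password):SS ...". The old character class skipped these lines only because their second character is "-" or "+". Suggest branching past the header lines before the substitution, for example with -e '/^--- /b' -e '/^+++ /b' ahead of the s command, and adding a comment in the script saying why they are skipped.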