Bug 233011 - daily/200.backup-passwd periodic script: hide password of usernames containing a dash character
Summary: daily/200.backup-passwd periodic script: hide password of usernames containin...
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: conf (show other bugs)
Version: 11.2-STABLE
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-bugs (Nobody)
Keywords: patch
Depends on:
Reported: 2018-11-06 02:48 UTC by sigsys
Modified: 2018-11-08 23:41 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description sigsys 2018-11-06 02:48:41 UTC
Usernames with a dash in them do not match the sed regex used to hide the passwords.  AFAIK it should not be necessary to treat "-" and "+" specially at all there.  If there are NIS lines, they either shouldn't have a second field, or the second field may also be a password.

diff --git a/usr.sbin/periodic/etc/daily/200.backup-passwd b/usr.sbin/periodic/etc/daily/200.backup-passwd
index 638e227e3ac..1e9bb896404 100755
--- a/usr.sbin/periodic/etc/daily/200.backup-passwd
+++ b/usr.sbin/periodic/etc/daily/200.backup-passwd
@@ -42,7 +42,7 @@ case "$daily_backup_passwd_enable" in
 		[ $rc -lt 1 ] && rc=1
 		echo "$host passwd diffs:"
 		diff -uI '^#' $bak/master.passwd.bak /etc/master.passwd |\
-			sed 's/^\([-+ ][^-+:]*\):[^:]*:/\1:(password):/'
+			sed 's/^\([-+ ][^:]*\):[^:]*:/\1:(password):/'
 		mv $bak/master.passwd.bak $bak/master.passwd.bak2
 		cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3