[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Handling of raw passwords, quoting, escaping

[Steven Chamberlain]
> But isn't this kinda redundant?  It could be written so that the
> heredoc goes directly to kadmin.local instead of being output to
> file with 'cat' and then 'cat' back in?

Yes, it could be rewritten like that.  I kept the temp file to make it
easier to debug.

> The call to ldapwhoami still needs to read the raw password from a
> file though, which is unfortunate.

Yeah.  Would love to avoid it.

> Is there any specific reason to still not use quotes around things
> like $1, $USERDN, $USERID (or even $TMPFILE), as has now been done
> for $USERPASSWORD?  I would think that if someone did (as www-data)
> something like:

Nope.  Changed in svn.

> Hopefully the temporarily-stored passwords are held in
> /var/cache/debconf/passwords.dat, rather than remaining in
> world-readable /var/cache/debconf/config.dat-old after install?  I
> haven't checked this.

Good point.  Not quite sure when config.dat-old is updated.  But the
relevant values are of debconf type password, so I believe their
content is always stored in passwords.dat without such extra copy.
Happy hacking
Petter Reinholdtsen

Reply to: