Re: What are reasonable blockers for making journald the default logger in F19?

Simo Sorce wrote:
All very nice, but the current situation is that this info *is* sent to
the log.
So I applaud if you want to go and fix applications, in the meanwhile we
cannot relax security around that log IMO.

The current situation (from where I'm sitting) is that the private info is *not* sent to the log because of the gdm chooser design. So what we have instead is that non-private info is being sent to a super-private log and (as Lennart pointed out) that information is less accessible to the admins that might be able to use it.

If you are concerned about people not using the chooser or some other vector to hit the issue with pam, then fixing pam is a ~1 line patch (if people can be convinced that the info shouldn't be logged). I can't imagine too many other applications having this bad behavior (given that I never see passwords in the logs anymore). I don't know what we accomplish by protecting AUTHPRIV as a facilitator of applications logging things that shouldn't be logged.

--
Andrew Schultz
ajs42@xxxxxxxxxxx
http://www.sens.buffalo.edu/~ajs42/
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


