diff options
author | tonnerre <tonnerre> | 2008-07-13 15:26:36 +0000 |
---|---|---|
committer | tonnerre <tonnerre> | 2008-07-13 15:26:36 +0000 |
commit | 8ec953cbb03746d9f7095c0732f9751ff79715d7 (patch) | |
tree | d53c7f6928dff2c8f703e70dc22a1b568504f2e2 /sysutils/bacula-doc/patches/patch-ad | |
parent | cc90ac8895c6d5ad74e74d46aea238a6a0fef606 (diff) | |
download | pkgsrc-8ec953cbb03746d9f7095c0732f9751ff79715d7.tar.gz |
Add patches "solving" the issue of bacula exposing passwords et cetera
through the command line parameters of various tools (CVE-2007-5626).
Diffstat (limited to 'sysutils/bacula-doc/patches/patch-ad')
-rw-r--r-- | sysutils/bacula-doc/patches/patch-ad | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/sysutils/bacula-doc/patches/patch-ad b/sysutils/bacula-doc/patches/patch-ad new file mode 100644 index 00000000000..bc92e170885 --- /dev/null +++ b/sysutils/bacula-doc/patches/patch-ad @@ -0,0 +1,13 @@ +$NetBSD: patch-ad,v 1.1 2008/07/13 15:26:36 tonnerre Exp $ + +--- manual/postgresql.tex.orig 2007-01-05 18:20:41.000000000 +0100 ++++ manual/postgresql.tex +@@ -200,6 +200,8 @@ password in place, these two lines shoul + \begin{verbatim} + dbname = bacula; user = bacula; password = "secret" + ... and ... ++ # WARNING!!! Passing the password via the command line is insecure. ++ # see comments in make_catalog_backup for details. + RunBeforeJob = "/etc/make_catalog_backup bacula bacula secret" + \end{verbatim} + \normalsize |