On 2020-02-07 15:50, Ladislav Slezak wrote:
Dne 06. 02. 20 v 19:46 Josef Reidinger napsal(a):
Hi, we need for sure discuss it with security team where are experts for this topic. Also we should maybe somehow mention that when Y2DEBUG is set to 1, then it logs everything including passwords as it logs also on UI layer ( by default not enabled ).
Maybe save_y2logs could grep the logs for "<0>" and print a warning in that case. But I'm not sure if that would slow-down saving the logs, there might be plenty of /var/log/YaST2/y2log-*.gz files and that could take some time...
First please somebody bring any shred of evidence that this actually happens. I think that this is just plain misinformation. Kind regards -- Stefan Hundhammer <shundhammer@suse.de> YaST Developer SUSE Linux GmbH GF: Felix Imendörffer, Jane Smithard, Graham Norton; HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org To contact the owner, e-mail: yast-devel+owner@opensuse.org