Dne 06. 02. 20 v 19:46 Josef Reidinger napsal(a):
Hi, we need for sure discuss it with security team where are experts for this topic. Also we should maybe somehow mention that when Y2DEBUG is set to 1, then it logs everything including passwords as it logs also on UI layer ( by default not enabled ).
Maybe save_y2logs could grep the logs for "<0>" and print a warning in that case. But I'm not sure if that would slow-down saving the logs, there might be plenty of /var/log/YaST2/y2log-*.gz files and that could take some time... [...]
ability to pass user and chown tarball after calling. So something like `save_y2logs --user jreidinger` and resulting tarball will be readable by that user which looks like good compromise. and print warning if it is called without user specified.
Yes, I was just about to propose something like that. Just keep in mind that this will not help during installation, there is only the "root" user (besides some special system accounts). You need to solve that manually depending on how you get the logs out of the system. -- Ladislav Slezák YaST Developer SUSE LINUX, s.r.o. Corso IIa Křižíkova 148/34 18600 Praha 8 -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org To contact the owner, e-mail: yast-devel+owner@opensuse.org