On Fri, 29 Sep 2000, Nigel Metheringham wrote:
> > all the query or queries options, because they can contain
> > password information in LDAP queries
>
> Isn't that anything thats an expanded string, host list or domain list
> included there? Thats quite a lot....
Sorry. I meant the options whose names are explicitly "query" and
"queries". But you are right, it may not be a sensible thing. Now, if I
hadn't packaged the LDAP passwords in with the query...
> You could special case -bP - *before* reading the config, if the
> command is a -bP, setuid() to the invoking UID. Then you decide on
> config visisbility by config file permissions.
Hmm.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
