[Bug 513345] Review Request: iwak - Detect the openssh keys affected by CVE-2008-0166 among authorized_keys

bugzilla at redhat.com bugzilla at redhat.com
Thu Jul 23 10:35:13 UTC 2009




https://bugzilla.redhat.com/show_bug.cgi?id=513345





--- Comment #1 from Tomas Hoger <thoger at redhat.com>  2009-07-23 06:35:11 EDT ---
A few thoughts from a quick look at the iwak script itself, rather than the RPM
package:

- Any specific reason to avoid getopt to parse command line args?
/usr/share/doc/util-linux-ng-* has some easy to use examples.

- You seem to create TMPFILE rather early and later have to delete it if one of
the error conditions is met.  At least one rm seems to be missing there, so it may
be easier to create it later when you're really going to need it.

- You can save a few extra commands / redirections by doing changes like:

grep something file > /dev/null   -->   grep -q something file
cat file | wc -l   -->   wc -l file

- This should have a README with a big warning that sysadmins should not be
tempted to use this as root as:

for u in /home/* ; do [ -f $u/.ssh/authorized_keys ] && iwak $u/.ssh/authorized_keys ; done

Just my 2c...
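
The temp-file and grep/wc points from the comment above, as an added sketch that is not part of the original comment and not iwak's code: validation runs before the temporary file exists, cleanup is registered once with trap, and `grep -q` and `wc -l` on stdin replace the longer forms. The function name check_keys, its exit codes and the sample key blobs are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not iwak's code. check_keys and its exit codes are hypothetical:
#   0 = no listed key found, 1 = listed key found, 2 = usage or input error.
# The body is a subshell "( ... )" so the EXIT trap is scoped to one call.
check_keys() (
    # Validate everything first. These error paths run before any
    # temporary file exists, so no rm can be forgotten on them.
    [ $# -eq 2 ] || { echo "usage: check_keys KEYS LIST" >&2; exit 2; }
    keys=$1
    list=$2
    [ -r "$keys" ] || { echo "cannot read $keys" >&2; exit 2; }
    [ -r "$list" ] || { echo "cannot read $list" >&2; exit 2; }

    # Create the temp file only when it is needed, then register the
    # cleanup in a single place instead of one rm per exit path.
    tmp=$(mktemp "${TMPDIR:-/tmp}/check_keys.XXXXXX") || exit 2
    trap 'rm -f "$tmp"' EXIT

    # Keep only real entries: drop blank lines and comments.
    grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$keys" > "$tmp" || true

    # wc reading stdin prints just the number; no cat, no file name.
    total=$(wc -l < "$tmp")
    echo "checked $((total)) key line(s) in $keys"

    # grep -q replaces "grep ... > /dev/null".
    if grep -q -F -f "$list" "$tmp"; then
        exit 1
    fi
    exit 0
)

# Constructed sample input: placeholder blobs, not real keys.
demo=$(mktemp -d "${TMPDIR:-/tmp}/check_keys_demo.XXXXXX")
printf '%s\n' '# laptop' 'ssh-rsa AAAAexampleGOOD user@a' \
    'ssh-rsa AAAAexampleWEAK user@b' > "$demo/authorized_keys"
printf '%s\n' 'AAAAexampleWEAK' > "$demo/listed"
check_keys "$demo/authorized_keys" "$demo/listed" || echo "exit status $?"
```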




