On 09/06/2021 08:57 Tony Hain tony@tndh.net wrote:
<snip/>
I have the dovecot-sysreport, but I am not encouraged about sending it when stdout presented: # dovecot-sysreport Gathering configurations ... grep: The -P option is not supportedgrep: The -P option is not supported grep: The -P option is not supported Gathering system informations ... Creating archive ... All done! Please report file dovecot-sysreport-TNDH-mail-1623209001.tar.gz Removing temp files at /tmp/tmp.kphlba44 ... #
While dovecot -n stdout presented the line: ssl_key = # hidden, use -P to show it
expecting people to put sensitive configuration on a public mail list without knowing what the tool is including is a challenge, but when the tool is errantly using the command line option that is also used for exposing the private data by a related tool, it is even less likely that I want to do that. While the dovecot -n option did hide passwords, it did not hide the username associated with that. I will put dovecot -n (redacted) here, but until I have time to see exactly what the sysreport included, I am not releasing that.
To alleviate your concerns:
from man grep
-P, --perl-regexp Interpret PATTERNS as Perl-compatible regular expressions (PCREs). This option is experimental when combined with the -z (--null-data) option, and grep -P may warn of unimplemented features.
dovecot-sysreport is a shell script, so you can easily verify that it is not attempting to call doveconf -nP, but instead, is trying to pass it to grep.
Aki