"show running-config" output contains clear-text shared secrets; require enable

diff --git a/Changes b/Changes
index 3d6cc27..414cfbb 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1,4 +1,4 @@
-* Sun May 8 2005 Brendan O'Dea <bod@optusnet.com.au> 2.1.0
+* Mon May 9 2005 Brendan O'Dea <bod@optusnet.com.au> 2.1.0
 - Add IPv6 support from Jonathan McDowell.
 - Add CHAP support from Jordan Hrycaj.
 - Add interim accounting support from Vladislav Bjelic.
@@ -58,6 +58,8 @@
   fails.
 - Don't process C_LASTSEEN unless we're a master (otherwise a crashed
   master kills all slaves once restarted).
+- Make "show running-config" a privileged command (contains clear text
+  shared secrets).
 
 * Fri Dec 17 2004 Brendan O'Dea <bod@optusnet.com.au> 2.0.13
 - Better cluster master collision resolution: keep a counter of state

diff --git a/cli.c b/cli.c
index aa9d518..1d4dea1 100644 (file)
--- a/cli.c
+++ b/cli.c
@@ -2,7 +2,7 @@
 // vim: sw=8 ts=8
 
 char const *cvs_name = "$Name:  $";
-char const *cvs_id_cli = "$Id: cli.c,v 1.56 2005/05/05 10:02:07 bodea Exp $";
+char const *cvs_id_cli = "$Id: cli.c,v 1.57 2005/05/09 08:53:50 bodea Exp $";
 
 #include <stdio.h>
 #include <stdarg.h>
@@ -149,7 +149,7 @@ void init_cli(char *hostname)
        cli_register_command(cli, c, "plugins", cmd_show_plugins, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "List all installed plugins");
        cli_register_command(cli, c, "pool", cmd_show_pool, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show the IP address allocation pool");
        cli_register_command(cli, c, "radius", cmd_show_radius, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show active radius queries");
-       cli_register_command(cli, c, "running-config", cmd_show_run, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show the currently running configuration");
+       cli_register_command(cli, c, "running-config", cmd_show_run, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Show the currently running configuration");
        cli_register_command(cli, c, "session", cmd_show_session, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show a list of sessions or details for a single session");
        cli_register_command(cli, c, "tbf", cmd_show_tbf, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "List all token bucket filters in use");
        cli_register_command(cli, c, "throttle", cmd_show_throttle, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "List all throttled sessions and associated TBFs");

diff --git a/l2tpns.spec b/l2tpns.spec
index 883f14a..64ebd47 100644 (file)
--- a/l2tpns.spec
+++ b/l2tpns.spec
@@ -43,5 +43,5 @@ rm -rf %{buildroot}
 %attr(644,root,root) /usr/share/man/man[58]/*
 
 %changelog
-* Sun May 8 2005 Brendan O'Dea <bod@optusnet.com.au> 2.1.0-1
+* Mon May 9 2005 Brendan O'Dea <bod@optusnet.com.au> 2.1.0-1
 - 2.1.0 release, see /usr/share/doc/l2tpns-2.1.0/Changes