Re: PPPproblem

To: peter@pisys.com
Cc: RCROSS@seitz.com, debian-user@debian.org
Subject: Re: PPPproblem
From: Michel Beland <beland@CERCA.UMontreal.CA>
Date: Wed, 26 Mar 1997 23:22:27 -0500 (EST)
Message-id: <[🔎] 199703270422.XAA01133@kafka.CERCA.UMontreal.CA>
In-reply-to: <[🔎] 3338F3F8.5403@pisys.com> from "Peter Iannarelli" at Mar 26, 97 05:01:28 am

> Following is
> an example of my ppp.chatscript.
> 
[ ... ]
> word         \qabcdefg\q

This is very bad !  With the \q at the end, the password is shown in
files /var/log/ppp.log and /var/log/messages, which are readable by
everyone by default.  You should only specify \qabcdefg so that the
password is replaced by a string of question marks in log files.

I checked inside ppp_2.2.0f-19.deb, available on the stable tree, and
the ppp.chatscript that comes with it shows two \q like above.  It is
declared as bug 7967 since March 19th, 1997, but it still is not
corrected.  Meanwhile, the Debian Web pages state that most security
bugs get fixed in 48 hours...

--
Michel Beland                 beland@CERCA.UMontreal.CA
professionnel de recherche    tel: (514)369-5223  fax: (514)369-3880
CERCA (CEntre de Recherche en Calcul Applique)
5160, boul. Decarie, bureau 400(423), Montreal (Quebec), Canada, H3X 2H9

Reply to:

Follow-Ups:
- Re: PPPproblem
  - From: Ken Gaugler <keng@wco.com>

References:
- Re: PPPproblem
  - From: Peter Iannarelli <peter@pisys.com>

Prev by Date: XFree86 problem with Mouse Systems mouse
Next by Date: Re: PPPproblem
Previous by thread: Re: PPPproblem
Next by thread: Re: PPPproblem
Index(es):
- Date
- Thread