Re: /var/log/messages not world-readable anymore?

To: Will Lowe <lowe@mail.eecis.udel.edu>
Cc: Joey Hess <joey@kite.ml.org>, debian-user@lists.debian.org
Subject: Re: /var/log/messages not world-readable anymore?
From: Joey Hess <joey@kite.ml.org>
Date: Wed, 9 Jul 1997 12:53:29 -0400
Message-id: <[🔎] 19970709125329.51440@kite>
In-reply-to: <[🔎] Pine.SUN.3.96.970709124052.9934B-100000@saturn.cis.udel.edu>; from Will Lowe on Wed, Jul 09, 1997 at 12:44:03PM -0400
References: <[🔎] 19970709115451.16107@kite> <[🔎] Pine.SUN.3.96.970709124052.9934B-100000@saturn.cis.udel.edu>

Will Lowe:
> Well,  here's an example of where it could be:
> 
> 	I use diald to dial up an ISP account.  Diald calls chat to
> execute a login-and-start-ppp script.  Chat writes all of it's
> <send>/<waitfor> pairs to /var/log/messages.  So anyone who can read
> /var/log/messages can also find my login and password for my ISP (in my
> case,  my university).

Not a problem here, becuase I use \q in the right places in my chat script
to make the password not be shown.

Any more examples of why this could be a security hole?

-- 
see shy jo


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: /var/log/messages not world-readable anymore?
  - From: Debian user mail <debuser@templinux.bucknell.edu>

References:
- /var/log/messages not world-readable anymore?
  - From: Joey Hess <joey@kite.ml.org>
- Re: /var/log/messages not world-readable anymore?
  - From: Will Lowe <lowe@mail.eecis.udel.edu>

Prev by Date: Re: /var/log/messages not world-readable anymore?
Next by Date: Re: PPP dial-up script
Previous by thread: Re: /var/log/messages not world-readable anymore?
Next by thread: Re: /var/log/messages not world-readable anymore?
Index(es):
- Date
- Thread