Re: /var/log/messages not world-readable anymore?
Will Lowe:
> Well, here's an example of where it could be:
>
> I use diald to dial up an ISP account. Diald calls chat to
> execute a login-and-start-ppp script. Chat writes all of it's
> <send>/<waitfor> pairs to /var/log/messages. So anyone who can read
> /var/log/messages can also find my login and password for my ISP (in my
> case, my university).
Not a problem here, becuase I use \q in the right places in my chat script
to make the password not be shown.
Any more examples of why this could be a security hole?
--
see shy jo
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: