Re: /var/log/messages not world-readable anymore?
On Wed, 9 Jul 1997, Dave Cinege wrote:
> On Wed, 9 Jul 1997 12:44:03 -0400 (EDT), Will Lowe wrote:
>
> >On Wed, 9 Jul 1997, Joey Hess wrote:
> >
> >> I've got sysklogd 1.3-17 and it's made /var/log/messages no longer be world
> >> readable. Is there some security problem with letting any user read it?
> >
> >/var/log/messages can also find my login and password for my ISP (in my
> >case, my university).
>
> Not if you enclose the password in '/q' like the standard
> /etc/ppp.chatscript does.
Not entirely true! The example script shows:
ABORT BUSY
ABORT "NO CARRIER"
ABORT VOICE
ABORT "NO DIALTONE"
"" ATDT<edit phone number here>
ogin <put login name here>
word \q<put password here>\q
All of the sudden one day I noticed my password showing up in
the log files. I had to eliminate the second \q and then add
it to the next statement pair.
So be carefull.
---------------- http://www.sound.net/~wpmills/ -----------------
: W. Paul Mills : Bill, I was there several years ago. :
: Topeka, Kansas, U.S.A. : Why would I want to go back tomorrow? :
: wpmills@midusa.net : Where were you! :
: wpmills@sound.net : ---------------------------------------- :
: paulmills@bix.com : Linux: Tomorrow's operating system, :
: paulmills@aol.com : here, today. :
: PAULMILLS@delphi.com : ---------------------------------------- :
: compuserve 70023,1750 : #define MY_TRUE_LOVE computer :
-------------- http://homepage.midusa.net/~wpmills/ -------------
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . Trouble?
e-mail to templin@bucknell.edu .
Reply to: