[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /var/log/messages not world-readable anymore?

On Wed, 9 Jul 1997, Dave Cinege wrote:

> On Wed, 9 Jul 1997 12:44:03 -0400 (EDT), Will Lowe wrote:
> 
> >On Wed, 9 Jul 1997, Joey Hess wrote:
> >
> >> I've got sysklogd 1.3-17 and it's made /var/log/messages no longer be world
> >> readable. Is there some security problem with letting any user read it?
> >
> >/var/log/messages can also find my login and password for my ISP (in my
> >case,  my university).
> 
> Not if you enclose the password in '/q' like the standard 
> /etc/ppp.chatscript does.


Not entirely true! The example script shows:

ABORT        BUSY
ABORT        "NO CARRIER"
ABORT        VOICE
ABORT        "NO DIALTONE"
""           ATDT<edit phone number here>
ogin         <put login name here>
word         \q<put password here>\q


All of the sudden one day I noticed my password showing up in
the log files. I had to eliminate the second \q and then add
it to the next statement pair.

So be carefull.


 ----------------  http://www.sound.net/~wpmills/  -----------------
: W. Paul Mills          : Bill, I was there several years ago.     :
: Topeka, Kansas, U.S.A. : Why would I want to go back tomorrow?    :
: wpmills@midusa.net     : Where were you!                          :
: wpmills@sound.net      : ---------------------------------------- :
: paulmills@bix.com      : Linux:     Tomorrow's operating system,  :
: paulmills@aol.com      :            here, today.                  :
: PAULMILLS@delphi.com   : ---------------------------------------- :
: compuserve 70023,1750  : #define MY_TRUE_LOVE computer            :
 --------------  http://homepage.midusa.net/~wpmills/  -------------


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . Trouble? 
e-mail to templin@bucknell.edu .
Reply to: