Re: Xconsole vs "security"
Daniel Martin at cush wrote:
>
> The question, I think, is that you are concerned because when you dial
> up, the password to your isp gets logged by the chat program, and so
> appears in the xconsole window. You worry that anyone you give an
> account to can call up xconsole and thereby see your ISP password,
> which would be a bad thing.
>
> Ok, to begin with you can make it so that chat doesn't log your
> password by putting a "\q" in front of it. In my chatscript
> (/etc/ppp.chatscript on a Debian 1.3.1 machine) I have:
> ABORT BUSY
> ABORT "NO CARRIER"
> ABORT VOICE
> ABORT "NO DIALTONE"
> "" ATDT4103660015
> name MyISPlogin
> word \qMyISPpasswd
>
> This will replace your ISP password with all question marks (like:
> "?????") in the logged messages.
>
> (This next bit is directed at the list)
> I was going to add more, but then I noticed that the pipe xconsole
> reads is world-read - does this strike anyone else as a security
> hole? Surely the information dumped into /dev/xconsole is as
> sensitive as that dumped into /var/log/messages, right?
>
What to do if my password is in "pap-secrets" ? I can always see it in
my xconsole window ! If I simply add an \q in pap-secrets at
MyISPpasswd, the pppd will try to use qMyISPpasswd instead to hide it.
(I also use KDE and like xconsole as it monitors my the connection. I do
not like it shows it so open.).
TIA,
Ionutz
--
Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
Reply to: