
Re: Xconsole vs "security"



Nuno Carvalho <nemanuel@student.dei.uc.pt> writes:

>  Hi,
> 
>  I'm using Debian 1.3.1 and KDE Beta4. 
>  When I call the xconsole program I could almost activity on my machine 
> but I think there's something wrong ...
> 
>  Sometimes on xconsole I could see my login and password as when I write
> them ! It's right !?!?
> 
>  I don't think so ! As I work as root and have a username on my machine
> there's no problem but if I add a new account if someone call xconsole
> could see my password to my ISP !

The question, I think, is that you are concerned because when you dial 
up, the password to your ISP gets logged by the chat program, and so
appears in the xconsole window.  You worry that anyone you give an
account to can call up xconsole and thereby see your ISP password,
which would be a bad thing.

Ok, to begin with you can make it so that chat doesn't log your
password by putting a "\q" in front of it.  In my chatscript
(/etc/ppp.chatscript on a Debian 1.3.1 machine) I have:
ABORT        BUSY
ABORT        "NO CARRIER"
ABORT        VOICE
ABORT        "NO DIALTONE"
""           ATDT4103660015
name         MyISPlogin
word         \qMyISPpasswd

This will replace your ISP password with all question marks (like:
"?????") in the logged messages.

(This next bit is directed at the list)
I was going to add more, but then I noticed that the pipe xconsole
reads is world-read - does this strike anyone else as a security
hole?  Surely the information dumped into /dev/xconsole is as
sensitive as that dumped into /var/log/messages, right?
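
An added example, not part of the original message: a small Python audit for the two points raised above. It flags chat-script replies to a password prompt that lack the leading "\q", and reports whether a path such as /dev/xconsole is world-readable. The prompt heuristic, the function names and the sample scripts (built from the script quoted above) are assumptions of this example.

```python
import os
import re
import stat

# chat(8) keywords that take one argument and are not expect/send pairs.
DIRECTIVES = {"ABORT", "CLR_ABORT", "REPORT", "CLR_REPORT",
              "TIMEOUT", "ECHO", "SAY", "HANGUP"}
# Assumption: an expect string such as "word" or "Password:" is a password prompt.
PROMPT = re.compile(r"word|pass", re.IGNORECASE)

def parse_pairs(script):
    """Return the (expect, send) pairs of a chat script, skipping directives."""
    lines = [l for l in script.splitlines() if not l.lstrip().startswith("#")]
    raw = re.findall(r'"[^"]*"|\'[^\']*\'|\S+', "\n".join(lines))
    # Strip one level of matching quotes; backslash escapes such as \q are kept.
    tokens = [t[1:-1] if len(t) >= 2 and t[0] in "\"'" and t[-1] == t[0] else t
              for t in raw]
    pairs, i = [], 0
    while i < len(tokens):
        if tokens[i] in DIRECTIVES:
            i += 2          # keyword plus its argument
            continue
        send = tokens[i + 1] if i + 1 < len(tokens) else ""
        pairs.append((tokens[i], send))
        i += 2
    return pairs

def unmasked_passwords(script):
    """Expect strings whose reply is not prefixed with \\q and so would be logged."""
    return [e for e, s in parse_pairs(script)
            if PROMPT.search(e) and s and not s.startswith("\\q")]

def is_world_readable(path):
    """True if 'other' has read permission on path (file, FIFO or device)."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

# Constructed samples: the script quoted in the message, with and without \q.
MASKED = r'''
ABORT        BUSY
ABORT        "NO CARRIER"
""           ATDT4103660015
name         MyISPlogin
word         \qMyISPpasswd
'''
UNMASKED = MASKED.replace("\\q", "")

if __name__ == "__main__":
    print("masked script:  ", unmasked_passwords(MASKED))
    print("unmasked script:", unmasked_passwords(UNMASKED))
    if os.path.exists("/dev/xconsole"):
        print("/dev/xconsole world-readable:", is_world_readable("/dev/xconsole"))
```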

