Re: Xconsole vs "security"
Daniel Martin at cush wrote:
> The question, I think, is that you are concerned because when you dial
> up, the password to your isp gets logged by the chat program, and so
> appears in the xconsole window. You worry that anyone you give an
> account to can call up xconsole and thereby see your ISP password,
> which would be a bad thing.
That's right !
> Ok, to begin with you can make it so that chat doesn't log your
> password by putting a "\q" in front of it. In my chatscript
> (/etc/ppp.chatscript on a Debian 1.3.1 machine) I have:
I forgot to say that I'm using a ISDN card and my script use ippd ! So the
passwordis on /etc/ppp/isdn-auth !
I think ppp.chatscript only works when using modem that isn't ISDN !
How could I resolve it !?
> (This next bit is directed at the list)
> I was going to add more, but then I noticed that the pipe xconsole
> reads is world-read - does this strike anyone else as a security
> hole? Surely the information dumped into /dev/xconsole is as
> sensitive as that dumped into /var/log/messages, right?
As I could see .... the information that appears on /var/log/messages doesn't
appears at allon xconsole ! On /var/log/messages doesn't appears my password !
Best regards,
Nuno Carvalho
--
Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
Reply to: