
Re: Xconsole vs "security"



Daniel Martin at cush wrote:
> 
> The question, I think, is that you are concerned because when you dial
> up, the password to your isp gets logged by the chat program, and so
> appears in the xconsole window.  You worry that anyone you give an
> account to can call up xconsole and thereby see your ISP password,
> which would be a bad thing.
> 
> Ok, to begin with you can make it so that chat doesn't log your
> password by putting a "\q" in front of it.  In my chatscript
> (/etc/ppp.chatscript on a Debian 1.3.1 machine) I have:
> ABORT        BUSY
> ABORT        "NO CARRIER"
> ABORT        VOICE
> ABORT        "NO DIALTONE"
> ""           ATDT4103660015
> name         MyISPlogin
> word         \qMyISPpasswd
> 
> This will replace your ISP password with all question marks (like:
> "?????") in the logged messages.
> 
> (This next bit is directed at the list)
> I was going to add more, but then I noticed that the pipe xconsole
> reads is world-read - does this strike anyone else as a security
> hole?  Surely the information dumped into /dev/xconsole is as
> sensitive as that dumped into /var/log/messages, right?
> 

What should I do if my password is in "pap-secrets"? I can always see it in
my xconsole window! If I simply add a \q in pap-secrets at
MyISPpasswd, pppd will try to use qMyISPpasswd instead of hiding it.
(I also use KDE and like xconsole as it monitors my connection. I do
not like that it shows it so openly.)

TIA,

Ionutz
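
An added example, not part of either poster's message: a small shell audit for the two exposures raised in this thread, a chat-script password sent without \q and a world-readable console pipe. The function names, the "word" prompt match and the sample script are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes one expect/send pair per
# line, as in the quoted chat script.

# Print "LINE: EXPECT" for password prompts whose send string lacks \q.
# Only the prompt is printed, never the secret. Matching prompts on
# "word" is an assumption; adjust it to the ISP's login dialogue.
unmasked_secrets() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # comments, blank lines
    $1 ~ /^(ABORT|TIMEOUT|REPORT|SAY|ECHO|HANGUP|CLR_ABORT|CLR_REPORT)$/ { next }
    {
        line = $0; sub(/^[ \t]+/, "", line)
        if (substr(line, 1, 1) == "\"") {        # quoted expect string
            rest = substr(line, 2); q = index(rest, "\"")
            if (q == 0) next
            expect = substr(rest, 1, q - 1); send = substr(rest, q + 1)
        } else {
            n = match(line, /[ \t]/)
            if (n == 0) next
            expect = substr(line, 1, n - 1); send = substr(line, n)
        }
        sub(/^[ \t]+/, "", send)
        if (tolower(expect) ~ /word/ && send !~ /^"?\\q/)
            printf "%d: %s\n", NR, expect
    }' "$1"
}

# Succeed if "others" may read the path (for example /dev/xconsole).
world_readable() {
    perms=$(ls -ld "$1" 2>/dev/null) || return 2
    [ "$(printf '%s' "$perms" | cut -c8)" = "r" ]
}

# Constructed sample modeled on the quoted script: line 3 is unmasked,
# line 5 uses \q and must not be reported.
write_sample() {
    cat > "$1" <<'EOF'
ABORT        "NO CARRIER"
name         MyISPlogin
word         MyISPpasswd
"ogin:"      MyISPlogin
"ssword:"    \qMyISPpasswd
EOF
}

# Direct use: sh audit.sh /etc/ppp.chatscript /dev/xconsole
if [ $# -eq 2 ]; then
    unmasked_secrets "$1"
    world_readable "$2" && echo "$2 is world-readable"
fi
```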

