Nuno Carvalho <[EMAIL PROTECTED]> writes: > Hi, > > I'm using Debian 1.3.1 and KDE Beta4. > When I call the xconsole program I could almost activity on my machine > but I think there's something wrong ... > > Sometimes on xconsole I could see my login and password as when I write > them ! It's rigth !?!? > > I don't think so ! As I work as root and have a username on my machine > there's no problem but if I add a new account if someone call xconsole > could see my password to my ISP !
The question, I think, is that you are concerned because when you dial up, the password to your isp gets logged by the chat program, and so appears in the xconsole window. You worry that anyone you give an account to can call up xconsole and thereby see your ISP password, which would be a bad thing. Ok, to begin with you can make it so that chat doesn't log your password by putting a "\q" in front of it. In my chatscript (/etc/ppp.chatscript on a Debian 1.3.1 machine) I have: ABORT BUSY ABORT "NO CARRIER" ABORT VOICE ABORT "NO DIALTONE" "" ATDT4103660015 name MyISPlogin word \qMyISPpasswd This will replace your ISP password with all question marks (like: "?????") in the logged messages. (This next bit is directed at the list) I was going to add more, but then I noticed that the pipe xconsole reads is world-read - does this strike anyone else as a security hole? Surely the information dumped into /dev/xconsole is as sensitive as that dumped into /var/log/messages, right? -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
