Daniel Martin at cush wrote: > > The question, I think, is that you are concerned because when you dial > up, the password to your isp gets logged by the chat program, and so > appears in the xconsole window. You worry that anyone you give an > account to can call up xconsole and thereby see your ISP password, > which would be a bad thing. > > Ok, to begin with you can make it so that chat doesn't log your > password by putting a "\q" in front of it. In my chatscript > (/etc/ppp.chatscript on a Debian 1.3.1 machine) I have: > ABORT BUSY > ABORT "NO CARRIER" > ABORT VOICE > ABORT "NO DIALTONE" > "" ATDT4103660015 > name MyISPlogin > word \qMyISPpasswd > > This will replace your ISP password with all question marks (like: > "?????") in the logged messages. > > (This next bit is directed at the list) > I was going to add more, but then I noticed that the pipe xconsole > reads is world-read - does this strike anyone else as a security > hole? Surely the information dumped into /dev/xconsole is as > sensitive as that dumped into /var/log/messages, right? >
What to do if my password is in "pap-secrets" ? I can always see it in my xconsole window ! If I simply add an \q in pap-secrets at MyISPpasswd, the pppd will try to use qMyISPpasswd instead to hide it. (I also use KDE and like xconsole as it monitors my the connection. I do not like it shows it so open.). TIA, Ionutz -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
