Bugtraq mailing list archives
debian pppd chatscript
From: hardguy () CONTINUITY IT NET AU (Stephen Hardman)
Date: Mon, 15 Dec 1997 18:25:59 +0800
This is a bit old, but someone else noticed this and then it started happening on my machine. The default logfile (/var/log/ppp.log) is world readable by default. --- extract from /var/log/ppp.log --- Dec 14 16:43:14 gateway chat[362]: ^Mlogin -- got it Dec 14 16:43:14 gateway chat[362]: send (loginname^M) Dec 14 16:43:15 gateway chat[362]: expect (word) Dec 14 16:43:15 gateway chat[362]: : loginname^M Dec 14 16:43:15 gateway chat[362]: Password -- got it Dec 14 16:43:15 gateway chat[362]: send (MyPassWoRd^M) --- end extract --- So it seems it is not hiding the sent password as it should do when the password is preceeded by \q in /etc/ppp.chatscript. \q Suppress writing the string to the SYSLOG file. The string ?????? is written to the log in its place. (not valid in expect.) -- chat(8) I should probably send it off to a debian bug/security list as well... but it's quite relavent here. This didn't happen until I recently reinstalled Debian. versions are - ii ppp 2.2.0f-23 Point-to-Point Protocol (PPP) daemon. pppd version 2.2 patch level 0 Debian 1.3 My settings are _exactly_ the same, am I missing something? (Thanks to Andrew McArdle for first pointing it out) Stephen Hardman hardguy () it net au
Current thread:
- buffer overflows in cracklib?! Jon Lewis (Dec 14)
- Re: buffer overflows in cracklib?! Rick Byers (Dec 15)
- debian pppd chatscript Stephen Hardman (Dec 15)
- Re: debian pppd chatscript TARBY (Dec 16)
- Re: debian pppd chatscript Wichert Akkerman (Dec 16)
- Word Perfect for Linux v7.0.0116 Hans Petter Bieker (Dec 15)
- Re: buffer overflows in cracklib?! Alec Muffett (Dec 15)
- debian pppd chatscript Stephen Hardman (Dec 15)
- Re: buffer overflows in cracklib?! Rick Byers (Dec 15)