Michel Beland wrote: > > > Following is > > an example of my ppp.chatscript. > > > [ ... ] > > word \qabcdefg\q > > This is very bad ! With the \q at the end, the password is shown in > files /var/log/ppp.log and /var/log/messages, which are readable by > everyone by default. You should only specify \qabcdefg so that the > password is replaced by a string of question marks in log files. > > I checked inside ppp_2.2.0f-19.deb, available on the stable tree, and > the ppp.chatscript that comes with it shows two \q like above. It is > declared as bug 7967 since March 19th, 1997, but it still is not > corrected. Meanwhile, the Debian Web pages state that most security > bugs get fixed in 48 hours... > > -- > Michel Beland [EMAIL PROTECTED] > professionnel de recherche tel: (514)369-5223 fax: (514)369-3880 > CERCA (CEntre de Recherche en Calcul Applique) > 5160, boul. Decarie, bureau 400(423), Montreal (Quebec), Canada, H3X 2H9
I am not familiar with the qabcdefg technique you are discussing. In order to avoid having my password visible to the world, I break up my script into two files. The first file, which I invoke to connect to my ISP I call 'call-isp' and it looks like this: pppd connect 'chat -v -f /usr/lib/ppp/isp1' /dev/cua1 19200 debug passive \ crtscts modem defaultroute kdebug 2 This script calls the file 'isp1' which is only readable by root and contains my username, password, and the isp's telephone number: "" ATDT9342100 CONNECT "" ogin:-BREAK-ogin: <my login id> ssword: <my password> Works fine for me. -- Ken Gaugler N6OSK Santa Clara, California email: [EMAIL PROTECTED] URL: http://www.wco.com/~keng "The life of a Repo Man is always INTENSE..."
