On Wed, 9 Jul 1997, Joey Hess wrote:
> I've got sysklogd 1.3-17 and it's made /var/log/messages no longer be world
> readable. Is there some security problem with letting any user read it?
Well, here's an example of where it could be:
I use diald to dial up an ISP account. Diald calls chat to
execute a login-and-start-ppp script. Chat writes all of it's
<send>/<waitfor> pairs to /var/log/messages. So anyone who can read
/var/log/messages can also find my login and password for my ISP (in my
case, my university).
Will
[EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.ecl.udel.edu/~lowe/
*****************************************************************************
Good Idea: Feeding Stray Cats in the Park.
Bad Idea: Feeding Stray Cats in the park ... to a bear.
*****************************************************************************
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] .
Trouble? e-mail to [EMAIL PROTECTED] .
