Will Lowe: > Well, here's an example of where it could be: > > I use diald to dial up an ISP account. Diald calls chat to > execute a login-and-start-ppp script. Chat writes all of it's > <send>/<waitfor> pairs to /var/log/messages. So anyone who can read > /var/log/messages can also find my login and password for my ISP (in my > case, my university).
Not a problem here, becuase I use \q in the right places in my chat script to make the password not be shown. Any more examples of why this could be a security hole? -- see shy jo -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
