The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: debian pppd chatscript (fwd)

To: Martin Mitchell <martin@debian.org>
Subject: Re: debian pppd chatscript (fwd)
From: John Goerzen <jgoerzen@southwind.net>
Date: Wed, 17 Dec 1997 08:12:25 -0600 (CST)
Cc: security@debian.org
Delivered-to: security@debian.org
In-reply-to: <87lnxlz6x7.fsf@mail.usyd.edu.au>
Resent-cc: recipient list not shown: ;
Resent-date: 17 Dec 1997 14:04:52 -0000
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"8iH5YB.A.mVF.Dw9l0"@debian>
Resent-sender: debian-private-request@lists.debian.org

Martin,

I had added appropriate \q's to my chatscript after noticing that it was
logging the password to /var/log/messages.  However, he is mentioning a
different file that I have never had an opportunity to examine.  Have you
looked at this other file as well?

John

On 17 Dec 1997, Martin Mitchell wrote:

> Date: 17 Dec 1997 01:41:56 +1100
> From: Martin Mitchell <martin@debian.org>
> To: John Goerzen <jgoerzen@southwind.net>
> Cc: security@debian.org
> Subject: Re: debian pppd chatscript (fwd)
> 
> John Goerzen <jgoerzen@southwind.net> writes:
> 
> > Somebody please look at this, it seems rather serious to me.
> ...
> > So it seems it is not hiding the sent password as it should
> > do when the password is preceeded by \q in /etc/ppp.chatscript.
> > 
> >        \q     Suppress writing the string to the SYSLOG file. The
> >               string  ??????  is written to the log in its place.
> >               (not valid in expect.) -- chat(8)
> 
> It is quite a common mistake when writing the chatscript to do something
> like:
> 
> word:    \qSecretPassword\q
> 
> Unfortunately, the extra \q at the end of the password turns logging back
> on for that line, so that the password is logged. It should be written:
> 
> word:	\qSecretPassword
> 
> The original author didn't quote his chatscript in the post, perhaps he
> should check on this.
> 
> 	Martin.
> 

-- 
John Goerzen
Southwind Internet Access, Inc. Technical Support
Business e-mail: jgoerzen@southwind.net

Personal e-mail: jgoerzen@complete.org
Wichita State University e-mail: jgoerzen@cs.twsu.edu
Developer, Debian GNU/Linux    <http://www.debian.org>


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

References:
- Re: debian pppd chatscript (fwd)
  - From: Martin Mitchell <martin@debian.org>

Prev by Date: Re: Let's go!!! Debian 2.0 will be _top_ quality
Next by Date: buffer overflow bug in glibc 2.0.5c
Previous by thread: Re: debian pppd chatscript (fwd)
Next by thread: Re: debian pppd chatscript (fwd)
Index(es):
- Date
- Thread