[2273] in RedHat Linux List
More netcfg and ppp observations - security implication?
daemon@ATHENA.MIT.EDU (Kyle Ferrio)
Fri Nov 1 20:26:52 1996
Date: Fri, 1 Nov 1996 20:24:38 -0500 (EST)
From: Kyle Ferrio <kbf@phy.duke.edu>
To: redhat-list@redhat.com
In-Reply-To: <199611020013.TAA12939@redhat.com>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
I just reverse-engineered the if[cfg|up|down]* scripts.
Some comments, especially on the overall model, would
have been very useful (hint).
Something else that I'm sure has been discussed/solved in this and broader
forums is the issue of the -entire- chat script showing up in the output
of `ps -axf`. This "feature" might go undiscovered if you have a window /
vt too narrow to avoid truncation. But it's there. For reasons that I
have yet to track down, the ps entry for chat lists the entire script,
even though invoked with a -f script. In priciple, someone logged into
your system can grab ppp ISP passwords of your users by running a process
that continuously filters ps -af, looking for the chat script. Note that
the \q escape prevents the password from appearing in SYSLOG
(/var/log/messages under Redhat) but does nothing out what ps -f reports.
I understand that ppp isn't the most secure thing in the first place and
that most ppp instalations are effectively single-user boxes anyway. But
this is just too glaring to go unmentioned. Is this a FAQ?
Thanks,
Kyle Ferrio
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
________________________________________________________________________
http://www.redhat.com/RedHat-FAQ http://www.redhat.com/RedHat-Errata
http://www.redhat.com/RedHat-Tips http://www.redhat.com/mailing-lists
------------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
