[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Hiding all copies of your PPP password
Well, the situation is that if you want to set up a PPP connection to
your ISP, you must create /etc/ppp/pap-secrets and/or /etc/ppp/chap-secrets.
Also, if you use chat (rather than dip) to help pppd get started, then you must
write a chat script.
The problem is that those files contain your password in clear text form.
So if someone succeeds in breaking into your Linux system and gaining root
privileges, then also your ISP account is open for him.
Barring major change in the way pppd starts up (and barring any obvious
oversights by me), the solution to the above problem is:
1. Change the above files into soft links to files in a RAM disk (whose
contents will be destroyed each time the system is booted).
2. Detect when an attempt to open those files is made, and launch a
process which asks the user for the password. Using the password, the
process will generate the files (by means of a perl script or whatever) and
then allow the file open process to proceed.
Did anyone already develop something similar to the above?
--- Omer
WARNING: by sending me unsolicited commercial/religious/political/MailPush
E-mail (known also as "spam") you irrevocably agree to pay me US$500.-
(plus any legal fees incurred by my trying to collect the above amount) per
unsolicited commercial/religious/political/M@ilPush E-mail message sent
to me - for the service of receiving it.