Date: Fri, 03 Sep 1999 00:02:31 +0100 From: Brian Somers <brian@Awfulhak.org> To: tbrock@mail.phoenix.net Cc: freebsd-questions@FreeBSD.ORG Subject: Re: user PPP only works for root Message-ID: <199909022302.AAA68820@keep.lan.Awfulhak.org> In-Reply-To: Your message of "Wed, 01 Sep 1999 08:23:41 CDT." <99090108294601.00334@fdho-w5.fdnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>
> On Tue, 31 Aug 1999, Ken Seggerman wrote:
> > I am running FreeBSD 3.1 on a Pentium 486 machine, and have the user ppp
> > that came with the release (PPP Version 2.0 - $Date: 1998/12/14 01:15:34)
> >
> > It no longer says "User Process PPP. Writen by Toshiaru OHNO."
> >
> > I have been using user ppp for some time now, but have only recently
> > tried to break the habit of doing everthing as root, but still have to su
> > to use ppp.
> >
> > $ ppp
> > Working in interactive mode
> > Warning: No available tunnel devices found (Permission denied).
> > Warning: bundle_Create: No such file or directory
>
> Changing system routes, redirecting devices and access to the tunnel device is
> not allowed by any user but root. I'm curious about an suid root ppp myself
> but I think it opens glaring and ugly security holes of which I'm not educated
> about. There is a way to "open" things up using sysctl but upon dynamically
> modifiying the kernel in this way you open huge gaping holes in security.
> Maybe someone else could expand or correct me here?
Ppp can only be executed by users that are in group ``network'' and
are explicitly ``allow''d to run ppp. It is quite possible for the
admin to restrict a user to specific modes so that they have no
control over the ppp profile that they use when they invoke ppp.
Assuming the admin explicitly allows a user access to a ppp prompt,
that user will be privileged - they can adjust the routing table and
alter the tun interface that ppp is using. It is assumed that the
admin can trust the user to do this sort of thing.
A smart & destructive user can do things like open the serial device
and create pid files and the like in /var/run. They can also grab
the default route and point it at an arbitrary workstation that they
have control over - this is probably the best way to ``violate'' the
network from ppp.
Executing other programs from the ppp prompt will always be done as
the user that originally started ppp.
All of this IMHO makes sense; it's difficult to allow user access
because it's dangerous to do so.
> Tony
--
Brian <brian@Awfulhak.org> <brian@FreeBSD.org>
<http://www.Awfulhak.org>; <brian@OpenBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@FreeBSD.org.uk>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909022302.AAA68820>