Date: Sun, 21 Sep 1997 14:36:58 -0400 From: "Donald J. Maddox" <dmaddox@scsn.net> To: Alex <garbanzo@hooked.net> Cc: current@FreeBSD.ORG Subject: Re: Problems with -current ppp Message-ID: <19970921143658.25804@scsn.net> In-Reply-To: <Pine.BSF.3.96.970921110345.413E-100000@zippy.dyn.ml.org>; from Alex on Sun, Sep 21, 1997 at 11:05:22AM -0700 References: <19970921110054.48267@scsn.net> <Pine.BSF.3.96.970921110345.413E-100000@zippy.dyn.ml.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Sep 21, 1997 at 11:05:22AM -0700, Alex wrote:
>
>
> On Sun, 21 Sep 1997, Donald J. Maddox wrote:
>
> > Ok. My IP addres is dynamically assigned by my ISP (scsn.net), so the most
> > I can tell you is that it will be ppp???.coladlp?.scsn.net. I usually only
> > use the PPP connection long enough to get my email, then kill it. Most
> > incoming connections are denied by tcp wrappers. Good luck :-)
>
> TCP Wrappers are kinda a moot point, as that's not where the hole lies.
> That's like putting a deadbolt on the back door, and leaving the front one
> wide open.
>
> > Seriously, I understand the need for security in ppp, and I would rather have
> > it secureable even if it means a little inconvenience (like having to type a
> > password). However, since the window of insecurity is so small in this case,
> > if I can trade security for convenience, I will.
>
> Uh, this isn't exactly a small hole, especially if you run it as root (not
> suid).
>
> > This is not an appeal to have ppp's security enhancements reverted. Clearly,
> > making ppp more secure is a Good Thing.
>
> Yes.
You seem to be missing my point. I have almost _no need_ for security on
this connection because I am the only one with physical access to it, and the
network exposure it sees is extremely small.
You may recall that this thread started because I was looking for a way
to start ppp without having to type a password, and I found it. I was not
looking for instructions on how to make this box C2-certified.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970921143658.25804>