Date: Mon, 03 Nov 1997 22:41:59 +0000 From: Brian Somers <brian@awfulhak.org> To: freebsd-hackers@FreeBSD.org Subject: ppp & pppctl Message-ID: <199711032241.WAA06861@awfulhak.demon.co.uk>
next in thread | raw e-mail | index | archive | help
Hi,
Recently, I made some rather gratuitous changes to security in
user-ppp. Some were "for" the changes, and some were "against".
Lots was said - which I suspect means that it's something that
should really be more configurable.
At the moment it works like this:
1. Only uid 0 can run ppp without the -direct flag.
2. Only uid 0 or group ``network'' can run ppp with the -direct flag,
but some uid 0 things are allowed (ppp has perms 4550).
3. A socket is created on AF_INET:3000 by default with the following
``properties'':
1. You *must* set a password in /etc/ppp/ppp.secrets
2. You *may* set an empty password (not documented), but even if
it's empty, you must still type ``passwd'' at the ppp prompt
after connecting.
3. You may disable the socket or make it an AF_UNIX socket.
4. You can *always* -USR1 ppp to re-open the socket on
AF_INET:3000+tunno.
4. Pppctl can send commands to ppp from the command line and has a
-p option to specify the password.
I suggest the following model:
1. The command "set users user-list" is introduced where user-list
is a list of user names. The default is empty. If users are
included in this list (or if your uid is 0), they may run ppp
without the -direct flag. The check is done *after* the ppp
section is loaded (and may be part of the default label).
2. The command "set modes mode-list" is introduced where mode-list
is a list of allowable modes from "auto", "background", "ddial",
"direct", "interactive" and "all". This command augments ``1.''
as the super-user may set up profiles that may not be altered.
The default is "all modes".
3. Permissions stay the same. You've gotta be group network to have
a chance of running ppp at all. This means that the default is
root only 'cos of file system permissions.
4. No socket is created by default.
1. You *must* set a password in /etc/ppp/ppp.secrets or on the
"set server" command line:
set server|socket TcpPort|LocalName|none [passwd] [mask]
2. If you specify an empty password, you don't need to use the
``passwd'' command.
3. You can *always* -USR1 ppp to re-open the socket on
AF_INET:3000+tunno.
5. Pppctl can already handle the ppp prompt when it doesn't want a
password (ppp doesn't prompt or require the -p option).
6. Pppctl will have an ``interactive'' mode, taking away ``telnet''s
attraction.
7. $HOME/.ppp.* are removed. The "!include" command is added
instead, which understands ``~'' and environment variables.
Any thoughts or suggestions ?
--
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <bri@OpenBSD.org>
<http://www.Awfulhak.org>;
Don't _EVER_ lose your sense of humour....
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711032241.WAA06861>