From owner-cvs-usrsbin Fri Oct 11 03:08:38 1996 Return-Path: owner-cvs-usrsbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id DAA04745 for cvs-usrsbin-outgoing; Fri, 11 Oct 1996 03:08:38 -0700 (PDT) Received: from ra.dkuug.dk (ra.dkuug.dk [193.88.44.193]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id DAA04738; Fri, 11 Oct 1996 03:08:24 -0700 (PDT) Received: (from sos@localhost) by ra.dkuug.dk (8.6.12/8.6.12) id LAA15010; Fri, 11 Oct 1996 11:58:46 +0200 Message-Id: <199610110958.LAA15010@ra.dkuug.dk> Subject: Re: cvs commit: src/usr.sbin/ppp command.c To: ache@nagual.ru (=?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?=) Date: Fri, 11 Oct 1996 11:58:46 +0200 (MET DST) Cc: joerg_wunsch@uriah.heep.sax.de, sos@freefall.freebsd.org, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrsbin@freefall.freebsd.org In-Reply-To: <199610110917.NAA00448@nagual.ru> from "=?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?=" at Oct 11, 96 01:17:44 pm From: sos@FreeBSD.org Reply-to: sos@FreeBSD.org X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-cvs-usrsbin@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk In reply to =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= who wrote: > > > As Soren Schmidt wrote: > > > sos 96/10/10 04:27:38 > > > > > > Modified: usr.sbin/ppp command.c > > > Log: > > > Allow shell commands in all modes. > > > > Do you get a root shell now if you run ``ppp -auto'', connect to port > > 3000, and issue a `shell'? I would consider this a very bad move! > > > > Yes, we just make security hole, it should be fixed. Oops... I guess it was too late in the night when I did that... Any good suggestions as how to make this work securely ?? Maybe only allowing the program named in the ppp.xxx file, that way security is at the/etc/ppp level. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Soren Schmidt (sos@FreeBSD.org) FreeBSD Core Team So much code to hack -- so little time.