Date:      Mon, 16 Feb 1998 05:37:22 +0100
From:      Eivind Eklund <eivind@yes.no>
To:        Obi Wan Oblivion <vdk@chaosphere.com>, hackers@FreeBSD.ORG
Subject:   Re: IIJPPP & The Root User
Message-ID:  <19980216053722.35151@follo.net>
In-Reply-To: <Pine.BSF.3.96.980215230330.691A-100000@logrus.chaosphere.com>; from Obi Wan Oblivion on Sun, Feb 15, 1998 at 11:21:58PM -0500
References:  <Pine.BSF.3.96.980215230330.691A-100000@logrus.chaosphere.com>

On Sun, Feb 15, 1998 at 11:21:58PM -0500, Obi Wan Oblivion wrote:
> Howdy,
> 
> Any reason why I shouldn't modify IIJPPP Version 1.2 (built on 9/23/97) to
> allow uids other than zero to dialout?
> 
> I share my physical system with a few people who want access to the net,
> but I really don't want to dish out the root password to them.  I'm
> looking to keep the security, but add some flexibility.  For instance:
> 
>     <  if(getuid() != 0)
> 
>     >  if((getuid() != 0) || (getgid() != 68))
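
Review bot: The new condition `(getuid() != 0) || (getgid() != 68)` does not express "root, or a member of group dialer". Assuming it still guards the refusal path as the original `getuid() != 0` test did, `||` refuses every caller who is not both uid 0 and gid 68, which would also lock out root when root's gid is 0; the operator needs to be `&&`. `getgid()` returns only the real primary group, so a user who holds the group as a supplementary group would not match, and a `getgroups()` check would cover that case. The literal 68 would be better looked up by name with `getgrnam("dialer")` than hard-coded.
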
> 
> This way, you'd need to be either root, or a member of group dialer in
> order to use user process ppp in anything other than -direct.
> 
> Any thoughts?  Am I using a shotgun to kill a mouse, or am I unwittingly
> leaving a gaping security hole?

You're giving the people in question access to change your routing tables.
How much you care about that depends on how much you trust these people.

'nuff said?

Eivind.
