From owner-freebsd-hackers  Sun Feb 15 20:37:46 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA23625
          for freebsd-hackers-outgoing; Sun, 15 Feb 1998 20:37:46 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.119.24.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA23559
          for <hackers@FreeBSD.ORG>; Sun, 15 Feb 1998 20:37:39 -0800 (PST)
          (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [194.198.43.36])
	by ns1.yes.no (8.8.7/8.8.7) with ESMTP id EAA10364;
	Mon, 16 Feb 1998 04:37:24 GMT
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.6/8.8.6) id FAA00181;
	Mon, 16 Feb 1998 05:37:22 +0100 (MET)
Message-ID: <19980216053722.35151@follo.net>
Date: Mon, 16 Feb 1998 05:37:22 +0100
From: Eivind Eklund <eivind@yes.no>
To: Obi Wan Oblivion <vdk@chaosphere.com>, hackers@FreeBSD.ORG
Subject: Re: IIJPPP & The Root User
References: <Pine.BSF.3.96.980215230330.691A-100000@logrus.chaosphere.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
In-Reply-To: <Pine.BSF.3.96.980215230330.691A-100000@logrus.chaosphere.com>; from Obi Wan Oblivion on Sun, Feb 15, 1998 at 11:21:58PM -0500
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Feb 15, 1998 at 11:21:58PM -0500, Obi Wan Oblivion wrote:
> Howdy,
> 
> Any reason why I shouldn't modify IIJPPP Version 1.2 (built on 9/23/97) to
> allow uids other than zero to dialout?
> 
> I share my physical system with a few people who want access to the net,
> but I really don't want to dish out the root password to them.  I'm
> looking to keep the security, but add some flexibility.  For instance:
> 
>     <  if(getuid() != 0)
> 
>     >  if((getuid() != 0) || (getgid() != 68))
> 
> This way, you'd need to be either root, or a member of group dialer in
> order to use user process ppp in anything other than -direct.
> 
> Any thoughts?  Am I using a shotgun to kill a mouse, or am I unwittingly
> leaving a gaping security hole?

You're giving the people in question access to change your routing tables.
How much you care about that depend on how much you trust these peple.

'nuff said?

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message