From owner-cvs-lib Sun Aug 31 04:11:37 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id EAA01426 for cvs-lib-outgoing; Sun, 31 Aug 1997 04:11:37 -0700 (PDT) Received: from bitbox.follo.net (bitbox.follo.net [194.198.43.36]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id EAA01353; Sun, 31 Aug 1997 04:09:25 -0700 (PDT) Received: (from eivind@localhost) by bitbox.follo.net (8.8.6/8.8.6) id NAA14292; Sun, 31 Aug 1997 13:09:19 +0200 (MET DST) Date: Sun, 31 Aug 1997 13:09:19 +0200 (MET DST) Message-Id: <199708311109.NAA14292@bitbox.follo.net> From: Eivind Eklund To: Brian Somers CC: guido@gvr.org, brian@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-lib@FreeBSD.ORG In-reply-to: Brian Somers's message of Sun, 31 Aug 1997 01:02:16 +0100 Subject: Re: cvs commit: src/lib/libutil login_progok.3 login_progok.c Makefile libutil.h login.conf.5 References: <199708291956.VAA13103@gvr.gvr.org> <199708310002.BAA23911@awfulhak.demon.co.uk> Sender: owner-cvs-lib@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > Hmm, making a ppp group would address the problem..... I don't really > have an excuse for not doing it that way (temporary insanity?). > > Perhaps I should take this stuff back out. Does anyone see any > reasons why it should stay ? If someone wants to restrict use of a > program they can: > > $ ls -l /usr/sbin/ppp > -r-sr-x--- 1 root ppp 118784 Aug 28 01:03 /usr/sbin/ppp > > So if you're not in the ``ppp'' group, you don't get to run it ;-) Set this as the default, please. Having PPP available to "joe user" break some security paradigms - there is a lot of havoc you can do by being able to modify the routing table... Eivind.