From owner-freebsd-hackers  Sun Feb 15 20:42:33 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA24453
          for freebsd-hackers-outgoing; Sun, 15 Feb 1998 20:42:33 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA24446
          for <hackers@FreeBSD.ORG>; Sun, 15 Feb 1998 20:42:20 -0800 (PST)
          (envelope-from danny@panda.hilink.com.au)
Received: (from danny@localhost)
	by panda.hilink.com.au (8.8.5/8.8.5) id PAA21783;
	Mon, 16 Feb 1998 15:42:05 +1100 (EST)
Date: Mon, 16 Feb 1998 15:42:05 +1100 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Obi Wan Oblivion <vdk@chaosphere.com>
cc: hackers@FreeBSD.ORG
Subject: Re: IIJPPP & The Root User
In-Reply-To: <Pine.BSF.3.96.980215230330.691A-100000@logrus.chaosphere.com>
Message-ID: <Pine.BSF.3.91.980216153909.294q-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On Sun, 15 Feb 1998, Obi Wan Oblivion wrote:

> Any reason why I shouldn't modify IIJPPP Version 1.2 (built on 9/23/97) to
> allow uids other than zero to dialout?

Being able to dial out means being able to change the routing table; the 
entry of most concern is the default route.

>     <  if(getuid() != 0)
> 
>     >  if((getuid() != 0) || (getgid() != 68))

Getting the group's name and comparing it to dialer would be better.

You may want to look at preventing altering the default root and only 
allowing addition of the host route if(getuid() != 0).

Danny

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message