From owner-freebsd-hackers Sat Sep 20 14:02:26 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id OAA26933 for hackers-outgoing; Sat, 20 Sep 1997 14:02:26 -0700 (PDT) Received: from bitbox.follo.net (bitbox.follo.net [194.198.43.36]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA26922; Sat, 20 Sep 1997 14:02:18 -0700 (PDT) Received: (from eivind@localhost) by bitbox.follo.net (8.8.6/8.8.6) id XAA18140; Sat, 20 Sep 1997 23:02:07 +0200 (MET DST) Date: Sat, 20 Sep 1997 23:02:07 +0200 (MET DST) Message-Id: <199709202102.XAA18140@bitbox.follo.net> From: Eivind Eklund To: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= CC: hackers@FreeBSD.ORG, brian@awfulhak.org, brian@FreeBSD.ORG In-reply-to: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?='s message of Fri, 19 Sep 1997 16:53:59 +0400 (MSD) Subject: Re: ppp restrictions References: <199709191130.MAA26624@awfulhak.demon.co.uk> Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > On Fri, 19 Sep 1997, Brian Somers wrote: > > I think the best place to discuss this is on -hackers. Some people > > think that ppp should not be suid at all, others like it the way it > > was.... The way it was is IMHO unacceptable. It is a huge security hole, similar to sticking the root password in a world readable file in a slightly hidden location - acceptable in many situations, but not a way we can live with shipping systems. > Too many things works only from root, it is not flexible. Lets consider > suid abilities with and without suid requirements. If we have suid > abilities without suid requirement, we need yet one level of restriction > to separate them from normal user, it is "network" group currently. If we > have suid requirements, we don't need "network" group and return to old > model where all things are done from root. I like the present model. It allow you to be as strict (or not) as you want, but default to a secure value. "Principle of least surprise" indicate that users shouldn't be able to change routes; them doing that is more surprising than not being able to run PPP (which is easy enough to fix) Eivind.