From owner-freebsd-hackers Sat Sep 20 19:01:27 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id TAA07014 for hackers-outgoing; Sat, 20 Sep 1997 19:01:27 -0700 (PDT) Received: from awfulhak.demon.co.uk (awfulhak.demon.co.uk [158.152.17.1]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id TAA07007; Sat, 20 Sep 1997 19:01:19 -0700 (PDT) Received: from gate.lan.awfulhak.org (localhost [127.0.0.1]) by awfulhak.demon.co.uk (8.8.5/8.8.5) with ESMTP id BAA21105; Sun, 21 Sep 1997 01:51:19 +0100 (BST) Message-Id: <199709210051.BAA21105@awfulhak.demon.co.uk> X-Mailer: exmh version 2.0zeta 7/24/97 To: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= cc: Eivind Eklund , hackers@FreeBSD.ORG, brian@awfulhak.org, brian@FreeBSD.ORG Subject: Re: ppp restrictions In-reply-to: Your message of "Sun, 21 Sep 1997 03:08:39 +0400." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 21 Sep 1997 01:51:18 +0100 From: Brian Somers Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > On Sat, 20 Sep 1997, Eivind Eklund wrote: > > > I like the present model. It allow you to be as strict (or not) as > > you want, but default to a secure value. "Principle of least > > It is not allows to run ppp from "network" group, only from root, so it > not does what I want. There are three different levels of access here. 1. The "normal" user who shouldn't be allowed to use ppp at all (I think we all agree on this). ppp is root.network/4550 to prevent normal user access. 2. The "server" user where ppp is run in -direct mode and the user does not have control over the super-user aspects of ppp. ppp allows any user to run in -direct mode (subject to the permissions above) 3. The "client" user who can alter routing tables at will. ppp insists that client users have a real uid of 0. I think it's important to distinguish between 2 & 3. There is still an outstanding issue. If a member of group network also has access to a normal shell, it's possible that they sabotage the system by creating a ~/.ppp.conf file that fondles routes, and then run "ppp -direct mylabel". I think under the current circumstances, the removal of the ~/.ppp.* file searching would be reasonable. Perhaps I should add a compile-time option to relax ppp's behaviour. It would allow client-mode ppp by members of group network and would read the ~/.ppp.* files (if found). > -- > Andrey A. Chernov > > http://www.nagual.pp.ru/~ache/ > -- Brian , , Don't _EVER_ lose your sense of humour....