Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 11 Sep 1998 10:15:11 -0700
From:      TS Waterman <waterman@cs.brandeis.edu>
To:        Marc Giannoni <marc@versa.eng.comsat.com>
Cc:        stable@FreeBSD.ORG
Subject:   Re: Dialup PPP 
Message-ID:  <199809111715.KAA08729@home>
In-Reply-To: Your message of "Fri, 11 Sep 1998 12:26:33 EDT." <XFMail.980911123539.marc@versa.eng.comsat.com> 
References:  <XFMail.980911123539.marc@versa.eng.comsat.com>  

next in thread | previous in thread | raw e-mail | index | archive | help
This is exactly how it is installed in 2.2.7
from my system (recently rebuilt to -STABLE)
-r-sr-xr--  1 root  network  143360 Aug 31 22:19 /usr/sbin/ppp

Ppp still has security features built in (the "allow user" directive)
to give permissions to only desired users.
Unless it can be perverted into doing something bizarre, or the
config files (/etc/ppp/...) are compromised, I wouldn't
worry about the setuid security issues.

Anyone know any outstanding security holes in ppp? Brian?

Marc Giannoni writes:
 >All:
 >
 >I'm not sure if this issue has been addressed yet, but following the 2.2.5 to
 >2.2.6/7 upgrade, my dialup PPP stopped working.  This seems to be related to
 >the new group 'network' assigned to ppp. 
 >
 >Since I'm using 'getty' for dialup ppp, my configuration invokes `ppp -direct
 >  '.
 >This does not run as Joe-Low-Privlege-User, so I changed the permissions for
 >"/usr/sbin/ppp".
 >
 >before: -r-sr-x---  1 root  network  143360 Feb 25  1998 /usr/sbin/ppp
 >---
 >after:  -r-sr-xr-x  1 root  network  143360 Feb 25  1998 /usr/sbin/ppp 
 >
 >This may introduce some security problems.  Any suggestions? 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809111715.KAA08729>