From owner-freebsd-stable  Fri Sep 11 10:15:53 1998
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA28840
          for freebsd-stable-outgoing; Fri, 11 Sep 1998 10:15:53 -0700 (PDT)
          (envelope-from owner-freebsd-stable@FreeBSD.ORG)
Received: from berry.cs.brandeis.edu (berry.cs.brandeis.edu [129.64.2.5])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA28832
          for <stable@freebsd.org>; Fri, 11 Sep 1998 10:15:49 -0700 (PDT)
          (envelope-from waterman@cs.brandeis.edu)
Received: from home (mg128-247.ricochet.net [204.179.128.247])
	by berry.cs.brandeis.edu (8.8.8/8.8.8) with ESMTP id NAA15478;
	Fri, 11 Sep 1998 13:14:46 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
	by home (8.8.8/8.8.8) with ESMTP id KAA08729;
	Fri, 11 Sep 1998 10:15:11 -0700 (PDT)
	(envelope-from waterman@home)
Message-Id: <199809111715.KAA08729@home>
To: Marc Giannoni <marc@versa.eng.comsat.com>
cc: stable@FreeBSD.ORG
X-Originally-to: freebsd-stable@FreeBSD.ORG
Subject: Re: Dialup PPP 
In-Reply-To: Your message of "Fri, 11 Sep 1998 12:26:33 EDT."
             <XFMail.980911123539.marc@versa.eng.comsat.com> 
References: <XFMail.980911123539.marc@versa.eng.comsat.com>  
Reply-To: waterman@acm.org
Date: Fri, 11 Sep 1998 10:15:11 -0700
From: TS Waterman <waterman@cs.brandeis.edu>
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

This is exactly how it is installed in 2.2.7
from my system (recently rebuilt to -STABLE)
-r-sr-xr--  1 root  network  143360 Aug 31 22:19 /usr/sbin/ppp

Ppp still has security features built in (the "allow user" directive)
to give permissions to only desired users.
Unless it can be perverted into doing something bizarre, or the
config files (/etc/ppp/...) are compromised, I wouldn't
worry about the setuid security issues.

Anyone know any outstanding security holes in ppp? Brian?

Marc Giannoni writes:
 >All:
 >
 >I'm not sure if this issue has been addressed yet, but following the 2.2.5 to
 >2.2.6/7 upgrade, my dialup PPP stopped working.  This seems to be related to
 >the new group 'network' assigned to ppp. 
 >
 >Since I'm using 'getty' for dialup ppp, my configuration invokes `ppp -direct
 >  '.
 >This does not run as Joe-Low-Privlege-User, so I changed the permissions for
 >"/usr/sbin/ppp".
 >
 >before: -r-sr-x---  1 root  network  143360 Feb 25  1998 /usr/sbin/ppp
 >---
 >after:  -r-sr-xr-x  1 root  network  143360 Feb 25  1998 /usr/sbin/ppp 
 >
 >This may introduce some security problems.  Any suggestions? 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message