Date: Thu, 7 Nov 1996 18:30:32 -0800 (PST) From: John-Mark Gurney <jmg@nike.efn.org> To: Chris Timmons <skynyrd@tahoma.cwu.edu> Cc: FreeBSD-gnats@freefall.FreeBSD.org, GNATS Management <gnats@freefall.FreeBSD.org>, freebsd-bugs@freefall.FreeBSD.org Subject: Re: bin/1973: pppd uses /etc/ppp/options.tty after command line args Message-ID: <Pine.NEB.3.95.961107182905.352S-100000@nike> In-Reply-To: <Pine.OSF.3.95.961107173541.16472C-100000@tahoma.cwu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 7 Nov 1996, Chris Timmons wrote: > > Hmmm... smells like a feature to me. From pppd(8): > > /etc/ppp/options.ttyname > System default options for the serial port being > used, read after command-line options. > > ... which leads me to believe that the intention is to provide a mechanism > whereby the system administrator can lock-down certain options, like the > IP address that a normal user can't override. > > If your change is committed, how else might an adminstrator lock down > options? actually... I just realized this... and so what I was thinking about doing was to provide an option to read the options.tty file before the commandline args... and in my environment they can't run pppd manually so it's not a security risk... so does the option to turn on reading option.ttys before commandline args sound good? ttyl.. > On Thu, 7 Nov 1996, John-Mark Gurney wrote: > > > > > >Number: 1973 > > >Category: bin > > >Synopsis: pppd uses /etc/ppp/options.tty after command line args > > >Confidential: no > > >Severity: serious > > >Priority: medium > > >Responsible: freebsd-bugs > > >State: open > > >Class: sw-bug > > >Submitter-Id: current-users > > >Arrival-Date: Thu Nov 7 15:00:01 PST 1996 > > >Last-Modified: > > >Originator: John-Mark Gurney > > >Organization: > > Cu Networking > > >Release: FreeBSD 2.2-960801-SNAP i386 > > >Environment: > > > > a ppp server that is doing "dynamic" ip via /etc/ppp/options.tty files and > > wants to allow some others to connect a network overriding the ip address > > in options.tty file on the command line... > > > > machine is a cut down termserver > > > > > > >Description: > > > > when you try to override options that are specified in options.<tty> from the > > command line you find you can't... > > > > > > > > >How-To-Repeat: > > > > create a /etc/ppp/options.<tty> file with something like > > :1.2.3.4 > > and then run: > > pppd :1.2.3.5 > > you will find that when you connect you will end up with 1.2.3.4 as your ip > > address instead of 1.2.3.5... which you would expect... > > > > > > >Fix: > > > > apply this patch... (basicly swap reading sequence of options: > > > > Index: main.c > > =================================================================== > > RCS file: /usr/cvs/src/usr.sbin/pppd/main.c,v > > retrieving revision 1.5 > > diff -c -r1.5 main.c > > *** main.c 1995/10/31 21:21:26 1.5 > > --- main.c 1996/11/07 10:19:59 > > *************** > > *** 191,198 **** > > > > if (!options_from_file(_PATH_SYSOPTIONS, REQ_SYSOPTIONS, 0) || > > !options_from_user() || > > ! !parse_args(argc-1, argv+1) || > > ! !options_for_tty()) > > die(1); > > check_auth_options(); > > setipdefault(); > > --- 191,198 ---- > > > > if (!options_from_file(_PATH_SYSOPTIONS, REQ_SYSOPTIONS, 0) || > > !options_from_user() || > > ! !options_for_tty() || > > ! !parse_args(argc-1, argv+1)) > > die(1); > > check_auth_options(); > > setipdefault(); > > > > > > >Audit-Trail: > > >Unformatted: > > > > John-Mark gurney_j@efn.org http://resnet.uoregon.edu/~gurney_j/ Modem/FAX: (541) 683-6954 (FreeBSD Box) Live in Peace, destroy Micro$oft, support free software, run FreeBSD (unix)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.95.961107182905.352S-100000>