From owner-freebsd-bugs Thu Nov 7 18:40:03 1996 Return-Path: owner-bugs Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id SAA00421 for bugs-outgoing; Thu, 7 Nov 1996 18:40:03 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id SAA00402; Thu, 7 Nov 1996 18:40:02 -0800 (PST) Date: Thu, 7 Nov 1996 18:40:02 -0800 (PST) Message-Id: <199611080240.SAA00402@freefall.freebsd.org> To: freebsd-bugs Cc: From: John-Mark Gurney Subject: Re: bin/1973: pppd uses /etc/ppp/options.tty after command line args Reply-To: John-Mark Gurney Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk The following reply was made to PR bin/1973; it has been noted by GNATS. From: John-Mark Gurney To: Chris Timmons Cc: FreeBSD-gnats@freefall.FreeBSD.org, GNATS Management , freebsd-bugs@freefall.FreeBSD.org Subject: Re: bin/1973: pppd uses /etc/ppp/options.tty after command line args Date: Thu, 7 Nov 1996 18:30:32 -0800 (PST) On Thu, 7 Nov 1996, Chris Timmons wrote: > > Hmmm... smells like a feature to me. From pppd(8): > > /etc/ppp/options.ttyname > System default options for the serial port being > used, read after command-line options. > > ... which leads me to believe that the intention is to provide a mechanism > whereby the system administrator can lock-down certain options, like the > IP address that a normal user can't override. > > If your change is committed, how else might an adminstrator lock down > options? actually... I just realized this... and so what I was thinking about doing was to provide an option to read the options.tty file before the commandline args... and in my environment they can't run pppd manually so it's not a security risk... so does the option to turn on reading option.ttys before commandline args sound good? ttyl.. > On Thu, 7 Nov 1996, John-Mark Gurney wrote: > > > > > >Number: 1973 > > >Category: bin > > >Synopsis: pppd uses /etc/ppp/options.tty after command line args > > >Confidential: no > > >Severity: serious > > >Priority: medium > > >Responsible: freebsd-bugs > > >State: open > > >Class: sw-bug > > >Submitter-Id: current-users > > >Arrival-Date: Thu Nov 7 15:00:01 PST 1996 > > >Last-Modified: > > >Originator: John-Mark Gurney > > >Organization: > > Cu Networking > > >Release: FreeBSD 2.2-960801-SNAP i386 > > >Environment: > > > > a ppp server that is doing "dynamic" ip via /etc/ppp/options.tty files and > > wants to allow some others to connect a network overriding the ip address > > in options.tty file on the command line... > > > > machine is a cut down termserver > > > > > > >Description: > > > > when you try to override options that are specified in options. from the > > command line you find you can't... > > > > > > > > >How-To-Repeat: > > > > create a /etc/ppp/options. file with something like > > :1.2.3.4 > > and then run: > > pppd :1.2.3.5 > > you will find that when you connect you will end up with 1.2.3.4 as your ip > > address instead of 1.2.3.5... which you would expect... > > > > > > >Fix: > > > > apply this patch... (basicly swap reading sequence of options: > > > > Index: main.c > > =================================================================== > > RCS file: /usr/cvs/src/usr.sbin/pppd/main.c,v > > retrieving revision 1.5 > > diff -c -r1.5 main.c > > *** main.c 1995/10/31 21:21:26 1.5 > > --- main.c 1996/11/07 10:19:59 > > *************** > > *** 191,198 **** > > > > if (!options_from_file(_PATH_SYSOPTIONS, REQ_SYSOPTIONS, 0) || > > !options_from_user() || > > ! !parse_args(argc-1, argv+1) || > > ! !options_for_tty()) > > die(1); > > check_auth_options(); > > setipdefault(); > > --- 191,198 ---- > > > > if (!options_from_file(_PATH_SYSOPTIONS, REQ_SYSOPTIONS, 0) || > > !options_from_user() || > > ! !options_for_tty() || > > ! !parse_args(argc-1, argv+1)) > > die(1); > > check_auth_options(); > > setipdefault(); > > > > > > >Audit-Trail: > > >Unformatted: > > > > John-Mark gurney_j@efn.org http://resnet.uoregon.edu/~gurney_j/ Modem/FAX: (541) 683-6954 (FreeBSD Box) Live in Peace, destroy Micro$oft, support free software, run FreeBSD (unix)