Date: Sun, 7 Sep 1997 18:03:55 -0700 (PDT) From: "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com> To: softweyr@xmission.com (Wes Peters) Cc: stable@FreeBSD.ORG Subject: Re: Don Croyle: make world failing at ppp install (again) Message-ID: <199709080103.SAA15997@GndRsh.aac.dev.com> In-Reply-To: <199709072350.RAA20657@obie.softweyr.ml.org> from Wes Peters at "Sep 7, 97 05:50:22 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> Rodney W. Grimes writes: > > Running ppp does _NOT_ *requires* write access to the routing table, > > this is much much much better handled by properly configuring > > a real routing daemon and running real routing protocols. > > Requiring every user who wants to use FreeBSD PPP as a simple > single-user workstation with a dial-up ISP account, or even as a simple > router, to understand routing protocols and gated will guarantee that > many will just go elsewhere. > > While I don't disagree with you about the capability of gated, losing > the simple routing capabilities of ppp would be a stupid move. A person using FreeBSD as a simple single user workstation has root access, and does not have the problem that is attempted to being fixed. Duplicating the equiv of /sbin/route in ppp IMHO, is just silly, adds yet another place that has to be mucked with when the kernel/user land routing interface changes, etc. What I am more concerned about is server side ppp and the security whole that has just been bandaided over via group network instead of totally eliminated by removal of route calls. There is no how no way I want _any_ user other than root in _any_ group munging around with routing tables on a ppp server! -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation, Inc. Reliable computers for FreeBSD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199709080103.SAA15997>