Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 21 Sep 1997 14:36:58 -0400
From:      "Donald J. Maddox" <dmaddox@scsn.net>
To:        Alex <garbanzo@hooked.net>
Cc:        current@FreeBSD.ORG
Subject:   Re: Problems with -current ppp
Message-ID:  <19970921143658.25804@scsn.net>
In-Reply-To: <Pine.BSF.3.96.970921110345.413E-100000@zippy.dyn.ml.org>; from Alex on Sun, Sep 21, 1997 at 11:05:22AM -0700
References:  <19970921110054.48267@scsn.net> <Pine.BSF.3.96.970921110345.413E-100000@zippy.dyn.ml.org>
index | next in thread | previous in thread | raw e-mail 

On Sun, Sep 21, 1997 at 11:05:22AM -0700, Alex wrote:
> 
> 
> On Sun, 21 Sep 1997, Donald J. Maddox wrote:
> 
> > Ok.  My IP addres is dynamically assigned by my ISP (scsn.net), so the most
> > I can tell you is that it will be ppp???.coladlp?.scsn.net.  I usually only
> > use the PPP connection long enough to get my email, then kill it.  Most
> > incoming connections are denied by tcp wrappers.  Good luck :-)
> 
> TCP Wrappers are kinda a moot point, as that's not where the hole lies.
> That's like putting a deadbolt on the back door, and leaving the front one
> wide open.
>  
> > Seriously, I understand the need for security in ppp, and I would rather have
> > it secureable even if it means a little inconvenience (like having to type a
> > password).  However, since the window of insecurity is so small in this case,
> > if I can trade security for convenience, I will.
> 
> Uh, this isn't exactly a small hole, especially if you run it as root (not
> suid).
> 
> > This is not an appeal to have ppp's security enhancements reverted.  Clearly,
> > making ppp more secure is a Good Thing.
> 
> Yes.

    You seem to be missing my point.  I have almost _no need_ for security on
this connection because I am the only one with physical access to it, and the
network exposure it sees is extremely small.

    You may recall that this thread started because I was looking for a way
to start ppp without having to type a password, and I found it.  I was not
looking for instructions on how to make this box C2-certified.
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970921143658.25804>