From owner-freebsd-current Sun Sep 21 11:37:29 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id LAA11742 for current-outgoing; Sun, 21 Sep 1997 11:37:29 -0700 (PDT)
Received: from mail.scsn.net (scsn.net [206.25.246.12]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA11737 for ; Sun, 21 Sep 1997 11:37:26 -0700 (PDT)
Received: from rhiannon.scsn.net ([208.133.153.90]) by mail.scsn.net (Post.Office MTA v3.1 release PO203a ID# 0-41950U6000L1100S0) with ESMTP id AAA221; Sun, 21 Sep 1997 14:38:37 -0400
Received: (from root@localhost) by rhiannon.scsn.net (8.8.7/8.8.5) id OAA00982; Sun, 21 Sep 1997 14:36:58 -0400 (EDT)
Message-ID: <19970921143658.25804@scsn.net>
Date: Sun, 21 Sep 1997 14:36:58 -0400
From: "Donald J. Maddox"
To: Alex
Cc: current@FreeBSD.ORG
Subject: Re: Problems with -current ppp
Reply-To: dmaddox@scsn.net
References: <19970921110054.48267@scsn.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.81
In-Reply-To: ; from Alex on Sun, Sep 21, 1997 at 11:05:22AM -0700
Sender: owner-freebsd-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, Sep 21, 1997 at 11:05:22AM -0700, Alex wrote:
>
>
> On Sun, 21 Sep 1997, Donald J. Maddox wrote:
>
> > Ok. My IP address is dynamically assigned by my ISP (scsn.net), so the most
> > I can tell you is that it will be ppp???.coladlp?.scsn.net. I usually only
> > use the PPP connection long enough to get my email, then kill it. Most
> > incoming connections are denied by tcp wrappers. Good luck :-)
>
> TCP Wrappers are kinda a moot point, as that's not where the hole lies.
> That's like putting a deadbolt on the back door, and leaving the front one
> wide open.
>
> > Seriously, I understand the need for security in ppp, and I would rather have
> > it securable even if it means a little inconvenience (like having to type a
> > password). However, since the window of insecurity is so small in this case,
> > if I can trade security for convenience, I will.
>
> Uh, this isn't exactly a small hole, especially if you run it as root (not
> suid).
>
> > This is not an appeal to have ppp's security enhancements reverted. Clearly,
> > making ppp more secure is a Good Thing.
>
> Yes.

You seem to be missing my point. I have almost _no need_ for security on this
connection because I am the only one with physical access to it, and the
network exposure it sees is extremely small. You may recall that this thread
started because I was looking for a way to start ppp without having to type a
password, and I found it. I was not looking for instructions on how to make
this box C2-certified.