Date: Sun, 07 Sep 1997 13:50:28 +0100 From: Brian Somers <brian@awfulhak.org> To: Snob Art Genre <benedict@echonyc.com> Cc: Brian Somers <brian@awfulhak.org>, freebsd-stable@FreeBSD.ORG Subject: Re: Don Croyle: make world failing at ppp install (again) Message-ID: <199709071250.NAA21742@awfulhak.demon.co.uk> In-Reply-To: Your message of "Sun, 07 Sep 1997 06:09:49 EDT." <Pine.GSO.3.96.970907060617.21862B-100000@echonyc.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> At about the same time as the group ownership change, I became unable to
> run PPP except as root.
>
> Even though the binary had the setuid bit set, was group executable, and
> belonged to root:network, and my user account belonged to group network,
> whenever I tried to run it it said it could only be used in client mode by
> uid 0.
>
> I've been working around this by su'ing before launching PPP, but I wonder
> if there's a better fix.
This is a "feature" :-I
If normal users are allowed to run ppp in client mode, they can alter
the routing tables and point things at a local machine where they can
then start "massaging" packets. Even being a member of a specific
group is somewhat bogus - only root is allowed to alter the routing
table, so only root should really be allowed to run ppp (running ppp
*requires* access to the routing table).
Having said all this, sites that don't want to use PAP/CHAP to
authenticate incoming connections will set incoming users up with a
regular login and want to execute ppp from there (hopefully in their
profile or as a login shell). Therefore, the group thing was done
where such accounts must be group network (this is infinitely better
than insisting that such accounts are uid 0). It's up to the admin to
make sure that either the user can't get a shell, or if they can get
a shell, that they can't alter their config files.
Now if someone were to argue that normal users should be allowed to
run ppp where the only "uid 0" thing done is the ifconfig bit, I'd
probably agree that this is a good alternative... but how small do
you allow their mask to be on the "set ifaddr" line ?????
Sliplogin has now been changed to root.network/4550 too for the same
reasons. I intend to change pppd, but this is a tad more tricky as
it doesn't seem to be that easy to distinguish between client and
server mode :-(
> Ben
>
> "You have your mind on computers, it seems."
>
--
Brian <brian@awfulhak.org>, <brian@freebsd.org>
<http://www.awfulhak.org>;
Don't _EVER_ lose your sense of humour....
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199709071250.NAA21742>