From owner-freebsd-security  Wed Aug  7 23:18:16 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id XAA13713
          for security-outgoing; Wed, 7 Aug 1996 23:18:16 -0700 (PDT)
Received: from scapa.cs.ualberta.ca (root@scapa.cs.ualberta.ca [129.128.4.44])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA13708
          for <freebsd-security@freebsd.org>; Wed, 7 Aug 1996 23:18:15 -0700 (PDT)
Received: from ve6kik by scapa.cs.ualberta.ca with UUCP id <13071-14786>; Thu, 8 Aug 1996 00:18:01 -0600
Received: from alive.ampr.ab.ca by ve6kik.ampr.ab.ca with uucp
	(Smail3.1.28.1 #5) id m0uoOFp-000OHOC; Thu, 8 Aug 96 00:07 WET DST
Received: by alive.ampr.ab.ca (Linux Smail3.1.29.1 #2)
	id m0uoO7X-00028EC; Wed, 7 Aug 96 23:58 MDT
Date: 	Wed, 7 Aug 1996 23:58:58 -0600 (MDT)
From: Marc Slemko <marcs@alive.ampr.ab.ca>
To: freebsd-security@freebsd.org
Subject: Re: Two problems I have with FreeBSD security
In-Reply-To: <199608071632.JAA02642@kdat.calpoly.edu>
Message-ID: <Pine.LNX.3.91.960807235052.12042C-100000@alive.ampr.ab.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 7 Aug 1996, Nathan Lawson wrote:

> the expense of security (setuid root ppp/sliplogin... Why can't these be
> setgid uucp to open the modem device?)

Both programs need to do things such as modify routes and interfaces,
which can not be done except as root.  There are a couple of possible
workarounds to avoid making the programs setuid root, but it all comes
down to the fact that, under the current BSD kernel (along with most other
Unix kernels), you need to be root to do some of what ppp and sliplogin
do. 

-- 
Marc Slemko                                  1:342/1003@fidonet 
marcs@alive.ampr.ab.ca         marcs@alive.ersys.edmonton.ab.ca