From owner-freebsd-stable Mon Sep 8 14:06:55 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id OAA03963 for stable-outgoing; Mon, 8 Sep 1997 14:06:55 -0700 (PDT)
Received: from awfulhak.demon.co.uk (awfulhak.demon.co.uk [158.152.17.1]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA03954 for ; Mon, 8 Sep 1997 14:06:46 -0700 (PDT)
Received: from gate.lan.awfulhak.org (localhost [127.0.0.1]) by awfulhak.demon.co.uk (8.8.5/8.8.5) with ESMTP id VAA04570; Mon, 8 Sep 1997 21:45:26 +0100 (BST)
Message-Id: <199709082045.VAA04570@awfulhak.demon.co.uk>
X-Mailer: exmh version 2.0zeta 7/24/97
To: "Rodney W. Grimes"
cc: nate@mt.sri.com (Nate Williams), brian@awfulhak.org, freebsd-stable@freebsd.org
Subject: Re: Don Croyle: make world failing at ppp install (again)
In-reply-to: Your message of "Mon, 08 Sep 1997 00:28:39 PDT." <199709080728.AAA16253@GndRsh.aac.dev.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 08 Sep 1997 21:45:26 +0100
From: Brian Somers
Sender: owner-freebsd-stable@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> You can wave your hands all around about ease of use vs doing it
> right, but the bottom line is as ppp stands today it is a security
> hole, and security holes are bad karma.
>
> Okay the group network cuts down the exposure, now you only have to deal
> with a fistful of users who can bring your router down.
>
> I simply fix most of the problem by rm'ing the user land ppp files,
> use the kernel version, make sure I don't have any tun drivers, etc.

This is getting silly! Now, by default, *nobody* except root can run
ppp, PERIOD. If an admin chooses to make someone a member of group
network, they'd better make sure that said user can't access the ppp
config files.

Now, please, where's the hole?

> > > Running ppp does _NOT_ *require* write access to the routing table,
> > > this is much much much better handled by properly configuring
> > > a real routing daemon and running real routing protocols.
> >
> > Bzzt, thanks for playing, but for 99.9999999% of the folks who run a PPP
> > connection, a 'real routing daemon' is way overkill and will cause them
> > no-end of headaches.
>
> And for those 99.9999% of the folks /sbin/routed -q will do just what
> they need. Now was that so hard. I didn't say the only real routing
> daemon was gated, but for server side ppp boxes it's a lot more gutsy
> than /sbin/routed. If you have VLSM run routed in ripv2 mode.

But Nate & others are pointing out that most users don't want a
routing daemon at all. They have a routing table with a loopback from
ifconfig'ing lo0, a ppp route from ifconfig'ing tun0 and a default
down that tun route. A large chunk of these users also have a LAN
with another route that's the result of their ifconfig.

No routing daemon is required - I'd nearly vote for disabling
routed -q for this reason.

> > >
> > > In fact I have to go to great pains to _stop_ what ppp tries to do to
> > > the routing tables, gated handles it MUCH better!
> >
> > Gated handles nothing better unless you've got a spare 40 hours to
> > dedicate to figuring out how it works. Gated is only necessary if
> > you've got multiple 'routes', and most (see above) folks have a single
> > network connection which is their PPP link.
> >
> > Engineering is finding the best solution for most folks, optimizing it
> > for it while trying to not penalize the rest of the folks. What ijppp
> > does is take the engineering approach, and not find the 'best/most
> > complicated/gated' solution.
>
> And leaves a big security hole....

Not if you don't make it yourself - if you want incoming sessions,
use PAP/CHAP and *never* make anyone a member of group network.

> --
> Rod Grimes rgrimes@gndrsh.aac.dev.com
> Accurate Automation, Inc. Reliable computers for FreeBSD

--
Brian ,
Don't _EVER_ lose your sense of humour....