Date: Mon, 08 Sep 1997 21:45:26 +0100 From: Brian Somers <brian@awfulhak.org> To: "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com> Cc: nate@mt.sri.com (Nate Williams), brian@awfulhak.org, freebsd-stable@freebsd.org Subject: Re: Don Croyle: make world failing at ppp install (again) Message-ID: <199709082045.VAA04570@awfulhak.demon.co.uk> In-Reply-To: Your message of "Mon, 08 Sep 1997 00:28:39 PDT." <199709080728.AAA16253@GndRsh.aac.dev.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> You can wave your hands all around about ease of use vs doing it > right, but the bottom line is as ppp stands today it is a security > hole, and security holes are bad karma. > > Okay the group network cuts down the exposure, no you only have to deal > with a fist full of users who can bring your router down. > > I simply fix most of the problem by rm'ing the user land ppp files, > use the kernel version, make sure I don't have any tun drivers, etc. This is getting silly ! Now, by default, *nobody* except root can run ppp, PERIOD. If an admin chooses to make someone a member of group network, they'd better make sure that said user can't access the ppp config files. Now, please, where's the hole ? > > > Running ppp does _NOT_ *requires* write access to the routing table, > > > this is much much much better handled by properly configuring > > > a real routing daemon and running real routing protocols. > > > > Bzzt, thanks for playing, but for 99.9999999% of the folks who run a PPP > > connection, a 'real routing daemon' is way overkill and will cause them > > no-end of headaches. > > And for those 99.9999% of the folks /sbin/routed -q will do just what > they need. Now was that so hard. I didn't say the only real routing > daemon was gated, but for server side ppp boxes it's a lot more guttsy > than /sbin/routed. If you have VLSM run routed in ripv2 mode. But Nate & others are pointing out that most users don't want a routing daemon at all. They have a routing table with a loopback from ifconfig'ing lo0, a ppp route from ifconfig'ing tun0 and a default down that tun route. A large chunk of these users also have a LAN with another route that's the result of their ifconfig. No routing daemon is required - I'd nearly vote for disabling routed -q for this reason. > > > > > Infact I have to go to great pains to _stop_ what ppp tries to do to > > > the routing tables, gated handles it MUCH better! > > > > Gated handles nothing better unless you've got a spare 40 hours to > > dedicate to figuring out how it works. Gated is only necessary if > > you've got multiple 'routes', and most (see above) folks have a single > > network connection which is their PPP link. > > > > Engineering is finding the best solution for most folks, optimizing it > > for it while trying to not penalize the rest of the folks. What ijppp > > does is take the engineering approach, and not find the 'best/most > > complicated/gated' solution. > > And leaves a big security hole.... Not if you don't make it yourself - if you want incoming sessions, use PAP/CHAP and *never* make anyone a member of group network. > -- > Rod Grimes rgrimes@gndrsh.aac.dev.com > Accurate Automation, Inc. Reliable computers for FreeBSD -- Brian <brian@awfulhak.org>, <brian@freebsd.org> <http://www.awfulhak.org> Don't _EVER_ lose your sense of humour....
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199709082045.VAA04570>