Date:      Mon, 08 Sep 1997 21:45:26 +0100
From:      Brian Somers <brian@awfulhak.org>
To:        "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com>
Cc:        nate@mt.sri.com (Nate Williams), brian@awfulhak.org, freebsd-stable@freebsd.org
Subject:   Re: Don Croyle: make world failing at ppp install (again) 
Message-ID:  <199709082045.VAA04570@awfulhak.demon.co.uk>
In-Reply-To: Your message of "Mon, 08 Sep 1997 00:28:39 PDT." <199709080728.AAA16253@GndRsh.aac.dev.com> 

> You can wave your hands all around about ease of use vs doing it
> right, but the bottom line is as ppp stands today it is a security
> hole, and security holes are bad karma.
> 
> Okay the group network cuts down the exposure, now you only have to deal
> with a fistful of users who can bring your router down.
> 
> I simply fix most of the problem by rm'ing the user land ppp files,
> use the kernel version, make sure I don't have any tun drivers, etc.

This is getting silly!  Now, by default, *nobody* except root can 
run ppp, PERIOD.

If an admin chooses to make someone a member of group network, they'd 
better make sure that said user can't access the ppp config files.

Now, please, where's the hole?

> > > Running ppp does _NOT_ *require* write access to the routing table,
> > > this is much much much better handled by properly configuring
> > > a real routing daemon and running real routing protocols.
> > 
> > Bzzt, thanks for playing, but for 99.9999999% of the folks who run a PPP
> > connection, a 'real routing daemon' is way overkill and will cause them
> > no-end of headaches.  
> 
> And for those 99.9999% of the folks /sbin/routed -q will do just what
> they need.  Now was that so hard.  I didn't say the only real routing
> daemon was gated, but for server side ppp boxes it's a lot more gutsy
> than /sbin/routed.  If you have VLSM run routed in ripv2 mode.

But Nate & others are pointing out that most users don't want a 
routing daemon at all.  They have a routing table with a loopback 
from ifconfig'ing lo0, a ppp route from ifconfig'ing tun0 and a 
default down that tun route.

A large chunk of these users also have a LAN with another route 
that's the result of their ifconfig.

No routing daemon is required - I'd nearly vote for disabling 
routed -q for this reason.

> > 
> > > In fact I have to go to great pains to _stop_ what ppp tries to do to
> > > the routing tables, gated handles it MUCH better!
> > 
> > Gated handles nothing better unless you've got a spare 40 hours to
> > dedicate to figuring out how it works.  Gated is only necessary if
> > you've got multiple 'routes', and most (see above) folks have a single
> > network connection which is their PPP link.
> > 
> > Engineering is finding the best solution for most folks, optimizing it
> > for it while trying to not penalize the rest of the folks.  What ijppp
> > does is take the engineering approach, and not find the 'best/most
> > complicated/gated' solution.
> 
> And leaves a big security hole....

Not if you don't make it yourself - if you want incoming sessions, 
use PAP/CHAP and *never* make anyone a member of group network.

> -- 
> Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
> Accurate Automation, Inc.                   Reliable computers for FreeBSD

-- 
Brian <brian@awfulhak.org>, <brian@freebsd.org>
      <http://www.awfulhak.org>
Don't _EVER_ lose your sense of humour....




