From owner-freebsd-bugs  Sat Aug  7  0:31:49 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 7189F14F32
	for <freebsd-bugs@FreeBSD.org>; Sat,  7 Aug 1999 00:31:47 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id AAA64789;
	Sat, 7 Aug 1999 00:30:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from poboxer.pobox.com (ferg5200-1-19.cpinternet.com [208.149.16.19])
	by hub.freebsd.org (Postfix) with ESMTP id 0282514D82
	for <FreeBSD-gnats-submit@freebsd.org>; Sat,  7 Aug 1999 00:25:42 -0700 (PDT)
	(envelope-from alk@poboxer.pobox.com)
Received: (from alk@localhost)
	by poboxer.pobox.com (8.9.3/8.9.1) id CAA32555;
	Sat, 7 Aug 1999 02:24:53 -0500 (CDT)
	(envelope-from alk)
Message-Id: <199908070724.CAA32555@poboxer.pobox.com>
Date: Sat, 7 Aug 1999 02:24:53 -0500 (CDT)
From: Anthony Kimball <alk@pobox.com>
Reply-To: alk@pobox.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/13009: ppp configuration file permission bits
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         13009
>Category:       bin
>Synopsis:       ppp(8) does draconian permission checks on its config file
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug  7 00:30:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Anthony Kimball
>Release:        FreeBSD 3.2-STABLE i386
>Organization:
Dis
>Environment:

vanilla

>Description:

ppp(8) will not operate if the current non-root user has permission
to write to its configuration file or its parent directories.

>How-To-Repeat:

sudo chmod g+w /etc/ppp/ppp.conf
ppp

>Fix:

Change the check from access(conf,W_OK) to detecting
erroneous S_IWOTH bits, thus allowing group access:
	
diff -u main.c main.c.old
--- main.c	Sat Aug  7 02:13:29 1999
+++ main.c.old	Sun May  2 03:59:47 1999
@@ -37,7 +37,6 @@
 #include <sys/time.h>
 #include <termios.h>
 #include <unistd.h>
-#include <sys/stat.h>
 
 #ifndef NOALIAS
 #ifdef __FreeBSD__
@@ -304,9 +303,7 @@
 
     snprintf(conf, sizeof conf, "%s/%s", _PATH_PPP, CONFFILE);
     do {
-      struct stat sb;
-
-      if (stat(conf,&sb) || (sb.st_mode & S_IWOTH)) {
+      if (!access(conf, W_OK)) {
         log_Printf(LogALERT, "ppp: Access violation: Please protect %s\n",
                    conf);
         return -1;



>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message