Date:      Sun, 28 Jun 1998 13:23:04 -0400
From:      Nathan Dorfman <nathan@rtfm.net>
To:        Niall Smart <njs3@doc.ic.ac.uk>, freebsd-current@FreeBSD.ORG
Cc:        Dmitrij Tejblum <dt@FreeBSD.ORG>, jose@nobody.org
Subject:   pppd suid root? (Re: bin/7070)
Message-ID:  <19980628132304.A9279@rtfm.net>
In-Reply-To: <199806270937.NAA01697@tejblum.dnttm.rssi.ru>; from Dmitrij Tejblum on Sat, Jun 27, 1998 at 01:37:01PM +0400
References:  <E0ypkMQ-00060L-00@oak67.doc.ic.ac.uk> <199806270937.NAA01697@tejblum.dnttm.rssi.ru>

On Sat, Jun 27, 1998 at 01:37:01PM +0400, Dmitrij Tejblum wrote:
> Niall Smart wrote:
> > On Jun 26,  8:06am, Dmitrij Tejblum wrote:
> > } Subject: Re: bin/7070
> > > Synopsis: pppd not setuid root
> > > 
> > > State-Changed-From-To: open-closed
> > > State-Changed-By: dt
> > > State-Changed-When: Fri Jun 26 08:03:33 PDT 1998
> > > State-Changed-Why: 
> > > Fixed in src/usr.sbin/pppd/Makefile rev 1.4.2.2
> > 
> > Fixed eh?  
> 
> Yeah. It always was setuid, and Peter obviously didn't want to change 
> it. -stable is not the place to introduce changes, you know. If you 
> think that the permissions are wrong, let's discuss it on some mailing 
> list such as -security or -current first. Or file a PR. I don't have a strong 
> opinion on this, I just fixed a -stable breakage.

Okay.

> > So why is pppd setuid?
> 
> To allow non-root users to dial out, I think. Perhaps to allow 
> non-root users to dial in. 

I don't think this is such a hot idea. For example, the ppp link
is the only net link at rtfm.net. If pppd is suid root, and the
current instance dies, it is automatically respawned by /etc/ttys.
However, if a luser's script runs his own pppd in that time, with
the lock option, he'll lock access to the modem and the machine's
connectivity is dead.

Even if ppp isn't the only link to the net, if a luser runs pppd
with the defaultroute option, the routing table's default entry
will point to the machine on the other end of the ppp link if the
connection is successful. This is a Bad Thing even *if* the other
machine isn't a dead end.

> Dima

-- 
   ________________    ___________________________________________
  / Nathan Dorfman \  /  "My problems start when the smarter bears   
 / nathan@rtfm.net  \/      and the dumber visitors intersect."     
/ finger for PGP key \ Steve Thompson, Yosemite wildlife biologist
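As an added defender's check, not part of this thread: a POSIX shell script that reads the mode bits of a pppd binary and reports how widely it can be invoked, which is what decides whether the lock/defaultroute scenario above is open to every local user. The installed path /usr/sbin/pppd is an assumption (the thread only names the source directory); pass another path as the first argument.

```shell
#!/bin/sh
# Added example, not from the thread: classify how widely a setuid pppd
# binary can be invoked, from its mode bits alone (POSIX ls/cut/awk only).
# The default path /usr/sbin/pppd is an assumption.

# Prints one of: missing, no-setuid, owner-only, group, world
pppd_exposure() {
    bin="$1"
    [ -e "$bin" ] || { echo "missing"; return 0; }
    perms=$(ls -ld -- "$bin" | cut -c1-10)      # e.g. -rwsr-xr-x
    suid=$(printf '%s' "$perms" | cut -c4)       # 's'/'S' when setuid is set
    gx=$(printf '%s' "$perms" | cut -c7)         # group execute bit
    ox=$(printf '%s' "$perms" | cut -c10)        # other execute bit
    case "$suid" in
        s|S) ;;
        *) echo "no-setuid"; return 0 ;;
    esac
    if [ "$ox" = "x" ]; then
        echo "world"
    elif [ "$gx" = "x" ]; then
        echo "group"
    else
        echo "owner-only"
    fi
}

# Owner of the binary: the setuid bit only hands out root if this is root.
pppd_owner() {
    ls -ld -- "$1" | awk '{ print $3 }'
}

# Map the class to the risk discussed in the thread.
pppd_risk_note() {
    case "$1" in
        world)      echo "any local user can run pppd as the owner: lock/defaultroute abuse possible" ;;
        group)      echo "only members of the file's group can run pppd as the owner" ;;
        owner-only) echo "setuid set but no group/other execute: only the owner can run it" ;;
        no-setuid)  echo "not setuid: callers keep their own privileges" ;;
        missing)    echo "binary not found at that path" ;;
    esac
}

target="${1:-/usr/sbin/pppd}"
class=$(pppd_exposure "$target")
printf '%s: %s' "$target" "$class"
[ "$class" = missing ] || printf ' (owner %s)' "$(pppd_owner "$target")"
printf '\n%s\n' "$(pppd_risk_note "$class")"
```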
