From owner-freebsd-hackers Fri Aug 16 08:47:45 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id IAA18927 for hackers-outgoing; Fri, 16 Aug 1996 08:47:45 -0700 (PDT)
Received: from dada.kaizen.net (dada.kaizen.net [206.27.236.38]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id IAA18896 for ; Fri, 16 Aug 1996 08:47:41 -0700 (PDT)
Received: from localhost (mnewell@localhost) by dada.kaizen.net (8.7.5/8.7.3) with SMTP id LAA12220; Fri, 16 Aug 1996 11:43:54 -0400 (EDT)
X-Authentication-Warning: dada.kaizen.net: mnewell owned process doing -bs
Date: Fri, 16 Aug 1996 11:43:53 -0400 (EDT)
From: Mike Newell
To: Nate Williams
cc: Joe Greco, hackers@freefall.freebsd.org
Subject: Re: Routed supports variable-length netmasks?
In-Reply-To: <199608161532.JAA06486@rocky.mt.sri.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 16 Aug 1996, Nate Williams wrote:

> /etc/ppp/ip-up and /etc/ppp/ip-down are run as root, no matter who the
> login user is. This also means you must be careful what you put in
> there, but since the environment is safeguarded pretty well it would be
> hard to break into a system via them.

Well, in my case they didn't work. So I added lines of the form:

    route add ...... >> /var/log/ip-up.log 2>&1

and found routed was complaining that routes can only be changed by root.

Reading the man page for pppd, it specifically says:

    /etc/ppp/ip-up
    ... snip ...
    This program or script is executed with the same real and
    effective user-ID as pppd, that is, at least the effective
    user-ID and possibly the real user-ID will be root. This is
    so that it can be used to manipulate routes, run privileged
    daemons (e.g. sendmail), etc. Be careful that the contents
    of the /etc/ppp/ip-up and /etc/ppp/ip-down scripts do not
    compromise your system's security.
I'm not clear on how to interpret this, but apparently the _real_ UID is root, but the _effective_ UID is that of the account used to invoke pppd. Route appears to check the effective UID, so it refuses to do its thing. Setting the script SUID has no effect. Neither does adding the ppp login account to the "wheel" group. :-(

As a workaround I log into our box as root [ugh!] to invoke pppd, but clearly that's not the answer.

I'm running 2.1-RELEASE; maybe things changed in 2.1.5?

Thanks!

Mike
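A diagnostic /etc/ppp/ip-up script, added here as an example (not the poster's script), that records the real and effective IDs next to the route attempt, so the "must be root" refusal can be matched against the ID the script actually ran with. It assumes the argument order pppd documents for ip-up (interface, tty, speed, local IP, remote IP, ipparam), a placeholder network 192.0.2.0/24, and a log path overridable via IPUP_LOG.

```sh
#!/bin/sh
# Diagnostic ip-up wrapper (added example, not from the original post).
# pppd passes: $1 interface, $2 tty, $3 speed, $4 local IP, $5 remote IP, $6 ipparam.
LOG=${IPUP_LOG:-/var/log/ip-up.log}

# One-line report of the caller's real and effective user/group IDs.
# This is what distinguishes "invoked by pppd running as root" from
# "invoked with the login account's IDs" in the resulting log.
uid_report() {
    printf 'ruid=%s euid=%s rgid=%s egid=%s' \
        "$(id -ru)" "$(id -u)" "$(id -rg)" "$(id -g)"
}

# Returns 0 when the effective UID is root, 1 otherwise.
effective_root() {
    [ "$(id -u)" -eq 0 ]
}

# Append a timestamped line tagged with the script's PID to the log.
log_line() {
    printf '%s ip-up[%s]: %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$$" "$1" >> "$LOG"
}

main() {
    iface=$1 remote=$5
    log_line "start iface=$iface local=$4 remote=$remote $(uid_report)"
    if ! effective_root; then
        # Record the reason rather than letting route(8) fail silently.
        log_line "not attempting route: effective UID is not root"
        return 1
    fi
    # Placeholder destination (192.0.2.0/24 is a documentation network).
    route add -net 192.0.2.0 -netmask 255.255.255.0 "$remote" >> "$LOG" 2>&1
    rc=$?
    if [ "$rc" -eq 0 ]; then
        log_line "route added via $remote"
    else
        log_line "route add failed (exit $rc)"
    fi
    return "$rc"
}

# Run only when installed as ip-up; when sourced for testing, just define functions.
case $0 in */ip-up|ip-up) main "$@" ;; esac
```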