Date: Sat, 12 Sep 1998 12:14:15 +0100 From: Brian Somers <brian@Awfulhak.org> To: waterman@acm.org Cc: Marc Giannoni <marc@versa.eng.comsat.com>, stable@FreeBSD.ORG Subject: Re: Dialup PPP Message-ID: <199809121114.MAA10336@woof.lan.awfulhak.org> In-Reply-To: Your message of "Fri, 11 Sep 1998 10:15:11 PDT." <199809111715.KAA08729@home>
next in thread | previous in thread | raw e-mail | index | archive | help
> Anyone know any outstanding security holes in ppp? Brian?
Nope. Even if /etc/ppp/ppp.conf isn't properly protected, ppp should
refuse to run.
Of course this shouldn't have been a problem for the original poster
as getty's run as root, and root has permission to run ppp. The only
exception is if /usr/sbin/ppp is on an NFS drive and has permissions
4550. If the NFS mount maps root to nobody (the default), ppp won't
be executable by root.
To correct this, the permissions have now been changed to 4554. The
remote machine allows ppp to be read and the local machine will
execute it because it's executable by root.
Alternatively, add root to group network.
--
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
<http://www.Awfulhak.org>;
Don't _EVER_ lose your sense of humour....
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809121114.MAA10336>