Date: Fri, 11 Oct 1996 11:58:46 +0200 (MET DST) From: sos@FreeBSD.org To: ache@nagual.ru (=?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?=) Cc: joerg_wunsch@uriah.heep.sax.de, sos@freefall.freebsd.org, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrsbin@freefall.freebsd.org Subject: Re: cvs commit: src/usr.sbin/ppp command.c Message-ID: <199610110958.LAA15010@ra.dkuug.dk> In-Reply-To: <199610110917.NAA00448@nagual.ru> from "=?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?=" at Oct 11, 96 01:17:44 pm
next in thread | previous in thread | raw e-mail | index | archive | help
In reply to =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= who wrote:
>
> > As Soren Schmidt wrote:
> > > sos 96/10/10 04:27:38
> > >
> > > Modified: usr.sbin/ppp command.c
> > > Log:
> > > Allow shell commands in all modes.
> >
> > Do you get a root shell now if you run ``ppp -auto'', connect to port
> > 3000, and issue a `shell'? I would consider this a very bad move!
> >
>
> Yes, we just make security hole, it should be fixed.
Oops... I guess it was too late in the night when I did that...
Any good suggestions as how to make this work securely ??
Maybe only allowing the program named in the ppp.xxx file, that
way security is at the/etc/ppp level.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Soren Schmidt (sos@FreeBSD.org) FreeBSD Core Team
So much code to hack -- so little time.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610110958.LAA15010>