Date: Mon, 03 Nov 1997 22:41:59 +0000 From: Brian Somers <brian@awfulhak.org> To: freebsd-hackers@FreeBSD.org Subject: ppp & pppctl Message-ID: <199711032241.WAA06861@awfulhak.demon.co.uk>
next in thread | raw e-mail | index | archive | help
Hi, Recently, I made some rather gratuitous changes to security in user-ppp. Some were "for" the changes, and some were "against". Lots was said - which I suspect means that it's something that should really be more configurable. At the moment it works like this: 1. Only uid 0 can run ppp without the -direct flag. 2. Only uid 0 or group ``network'' can run ppp with the -direct flag, but some uid 0 things are allowed (ppp has perms 4550). 3. A socket is created on AF_INET:3000 by default with the following ``properties'': 1. You *must* set a password in /etc/ppp/ppp.secrets 2. You *may* set an empty password (not documented), but even if it's empty, you must still type ``passwd'' at the ppp prompt after connecting. 3. You may disable the socket or make it an AF_UNIX socket. 4. You can *always* -USR1 ppp to re-open the socket on AF_INET:3000+tunno. 4. Pppctl can send commands to ppp from the command line and has a -p option to specify the password. I suggest the following model: 1. The command "set users user-list" is introduced where user-list is a list of user names. The default is empty. If users are included in this list (or if your uid is 0), they may run ppp without the -direct flag. The check is done *after* the ppp section is loaded (and may be part of the default label). 2. The command "set modes mode-list" is introduced where mode-list is a list of allowable modes from "auto", "background", "ddial", "direct", "interactive" and "all". This command augments ``1.'' as the super-user may set up profiles that may not be altered. The default is "all modes". 3. Permissions stay the same. You've gotta be group network to have a chance of running ppp at all. This means that the default is root only 'cos of file system permissions. 4. No socket is created by default. 1. You *must* set a password in /etc/ppp/ppp.secrets or on the "set server" command line: set server|socket TcpPort|LocalName|none [passwd] [mask] 2. If you specify an empty password, you don't need to use the ``passwd'' command. 3. You can *always* -USR1 ppp to re-open the socket on AF_INET:3000+tunno. 5. Pppctl can already handle the ppp prompt when it doesn't want a password (ppp doesn't prompt or require the -p option). 6. Pppctl will have an ``interactive'' mode, taking away ``telnet''s attraction. 7. $HOME/.ppp.* are removed. The "!include" command is added instead, which understands ``~'' and environment variables. Any thoughts or suggestions ? -- Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <bri@OpenBSD.org> <http://www.Awfulhak.org> Don't _EVER_ lose your sense of humour....
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711032241.WAA06861>