Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 03 Nov 1997 22:41:59 +0000
From:      Brian Somers <brian@awfulhak.org>
To:        freebsd-hackers@FreeBSD.org
Subject:   ppp & pppctl
Message-ID:  <199711032241.WAA06861@awfulhak.demon.co.uk>

next in thread | raw e-mail | index | archive | help
Hi,

Recently, I made some rather gratuitous changes to security in 
user-ppp.  Some were "for" the changes, and some were "against". 
Lots was said - which I suspect means that it's something that 
should really be more configurable.

At the moment it works like this:

1.  Only uid 0 can run ppp without the -direct flag.
2.  Only uid 0 or group ``network'' can run ppp with the -direct flag, 
    but some uid 0 things are allowed (ppp has perms 4550).
3.  A socket is created on AF_INET:3000 by default with the following 
    ``properties'':

    1.  You *must* set a password in /etc/ppp/ppp.secrets
    2.  You *may* set an empty password (not documented), but even if 
        it's empty, you must still type ``passwd'' at the ppp prompt 
        after connecting.
    3.  You may disable the socket or make it an AF_UNIX socket.
    4.  You can *always* -USR1 ppp to re-open the socket on 
        AF_INET:3000+tunno.

4.  Pppctl can send commands to ppp from the command line and has a 
    -p option to specify the password.


I suggest the following model:

1.  The command "set users user-list" is introduced where user-list 
    is a list of user names.  The default is empty.  If users are 
    included in this list (or if your uid is 0), they may run ppp 
    without the -direct flag.  The check is done *after* the ppp 
    section is loaded (and may be part of the default label).
2.  The command "set modes mode-list" is introduced where mode-list 
    is a list of allowable modes from "auto", "background", "ddial", 
    "direct", "interactive" and "all".  This command augments ``1.'' 
    as the super-user may set up profiles that may not be altered.  
    The default is "all modes".
3.  Permissions stay the same.  You've gotta be group network to have 
    a chance of running ppp at all.  This means that the default is 
    root only 'cos of file system permissions.
4.  No socket is created by default.

    1.  You *must* set a password in /etc/ppp/ppp.secrets or on the 
        "set server" command line:

        set server|socket TcpPort|LocalName|none [passwd] [mask]

    2.  If you specify an empty password, you don't need to use the 
        ``passwd'' command.
    3.  You can *always* -USR1 ppp to re-open the socket on 
        AF_INET:3000+tunno.

5.  Pppctl can already handle the ppp prompt when it doesn't want a 
    password (ppp doesn't prompt or require the -p option).
6.  Pppctl will have an ``interactive'' mode, taking away ``telnet''s 
    attraction.
7.  $HOME/.ppp.* are removed.  The "!include" command is added 
    instead, which understands ``~'' and environment variables.

Any thoughts or suggestions ?
-- 
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <bri@OpenBSD.org>
      <http://www.Awfulhak.org>;
Don't _EVER_ lose your sense of humour....





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711032241.WAA06861>