Bug#126406: kppp: Alternative for using noauth as suggested by README
On Thursday 22 April 2004 07:36, Ernst Kloppenburg wrote:
> On Wed, Apr 21, 2004 at 00:29:54 +0200, Achim Bohnet wrote:
> >
> > FWIW here's my alternative:
> > to avoid setting noauth in /etc/peer/options I use
> >
> > allee[0] ~ # cat /etc/ppp/peers/kppp-options
> > noauth
> >
> > and added 'call kppp-options' to kppps 'Customize pppd arguments'
> > option.
> >
> > I assume that it would not be compilicated to patch kppp to
> > add 'call kppp-options' as default for new connections and
> > include the simple /etc/ppp/peers/kppp-option to the kppp pkg.
> >
>
> yes, this seems to be the real solution. Better than any advice in a
> README. Who would make the change?
Well, pkgs maintainer always get a copy if one CC <bug-#@b.d.o> ;)
I got a laptop with a working modem card working on linux to fix some
problems. And realized
o noauth is already the default additional pppd option
o only possibility (I found) to get kpp to work with
pap/chap is to suid it to root because kppp writes
stuff to /etc/ppp/{pap,chap}-secrets (cp,modify,rename AFIAR)
(looks like worth another bug report)
I don't have access to the laptop anymore. So could you please try if
'noauth' instead of 'call kppp-options' works if you do
dpkg-statoverride --force --add root 4754 root dip /usr/sbin/kppp # permanent
or
chmod 4754 /usr/sbin/kppp # until next kppp upgrade
?
At least here in Germany all ISP require either PAP or CHAP
authentification (guess somewhere else too) and this makes
kppp unusable as it is now (kppp in 2.* was setuid root AFAIR
and 2.* was done by Ivan who also wrote the README. Hmm..., aaahhh
http://lists.debian.org/debian-kde/2003/debian-kde-200303/msg00339.html
http://lists.debian.org/debian-kde/2003/debian-kde-200303/msg00316.html
http://lists.debian.org/debian-kde/2003/debian-kde-200310/msg00076.html
;)
I really suspect now that noauth okay but suid bit is missing.
If I miss the trick to the get PAP and/or CHAP working with
only sgid dip, please let me know.
Achim
P.S. When suid root is the route to go I would vote to keep
'noauth' instead of my 'call kppp-options' because it more secure.
>
> E. Kloppenburg
>
> --
> Ernst Kloppenburg
> Stuttgart, Germany
>
>
>
--
To me vi is Zen. To use vi is to practice zen. Every command is
a koan. Profound to the user, unintelligible to the uninitiated.
You discover truth everytime you use it.
-- reddy@lion.austin.ibm.com
Reply to: