Bug#4673: ppp insecure

To: Debian bugs submission address <submit@bugs.debian.org>
Subject: Bug#4673: ppp insecure
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Wed, 2 Oct 96 17:44 BST
Message-id: <[🔎] m0v8UP3-0004O4C@chiark.greenend.org.uk>
Reply-to: Ian Jackson <ijackson@chiark.greenend.org.uk>, 4673@bugs.debian.org

Package: ppp
Version: 2.2.0f-6

After installing, inspecting the /etc/ppp/pap-secrets file reveals:
...
# Every regular user can use PPP and has to use passwords from /etc/passwd
*      chiark ""
...

Furthermore, /usr/sbin/pppd is setuid root and world-executable,
contrary to advice in /usr/doc/ppp/README.linux.

I'm not very familiar with the security features of ppp, but it seems
highly likely that there are several security problems here.

Ian.

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

Prev by Date: Dominik Kubla's crypto packages from Mainz
Next by Date: Bug#4674: ppp postinst bugs
Previous by thread: Dominik Kubla's crypto packages from Mainz
Next by thread: Bug#4673: ppp insecure
Index(es):
- Date
- Thread