Bug#4673: ppp insecure

[Ian Jackson <ijackson@chiark.greenend.org.uk>]

Christoph Lameter writes ("Re: Bug#4673: ppp insecure"):
> On Wed, 2 Oct 1996, Ian Jackson wrote:
> > Package: ppp
> > Version: 2.2.0f-6
> > 
> > After installing, inspecting the /etc/ppp/pap-secrets file reveals:
> > ...
> > # Every regular user can use PPP and has to use passwords from /etc/passwd
> > *      chiark ""
>
> The setup in /etc/ppp/options will lead to pppd using /etc/passwd instead
> of /etc/ppp/pap-secrets to verify users. This simplifies maintenance and
> is what is needed to make Win95 / WinNT / MacPPP / Trumpet Winsock dialup
> work without scripts using /etc/passwd verification.
> Please read the comments in the pap-secrets file.

The problem isn't that incoming dialin users are getting the wrong
kind of authentication.

The problem is that with the configuration as shipped any unprivileged
user can run pppd (I have verified this) and quite likely interfere
with the system's sensible operation.

Furthermore, I have doubts as to whether pppd was designed to be
installed setuid.  Are there any facilities for limiting which options
can be set by unprivileged users, and if not why are they not
documented ?

It seems likely to me that pppd wasn't designed for setuid use and
that installing it setuid will allow any user to get root by for
example having pppd write logs to unusual places or whatever.

Ian.

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com