Bug#4673: ppp insecure
Hi,
Ian Jackson in Debian-Bug#4673
> Furthermore, I have doubts as to whether pppd was designed to be
> installed setuid. Are there any facilities for limiting which options
> can be set by unprivileged users, and if not why are they not
> documented ?
I checked this in source and I'm not sure about it. The connector and
disconnector (chat) scripts are run in user context. ip-up and down which
are run by root are not configurable by th user. With the global options
file you can prevent the user from setting the default route (-defaultroute)
and from picking a random our_name (Together with requiring auth I think
this might prevent picking random addresses as long as there is no wildcard
entry in pap/chap secrets, yes?).
This means:
-------------/etc/ppp/options
-defaultroute
auth
hostname:
-----------------------------
should stop most danger from local user avle to execute SUID pppd. But I'm
not sure about that topic (cc: linux-ppp@vger.rutgers.edu).
> It seems likely to me that pppd wasn't designed for setuid use and
> that installing it setuid will allow any user to get root by for
> example having pppd write logs to unusual places or whatever.
The 'only' thing I can think of are 'unsecure' /etc/ppp/options files which
allows local users to damage routing, arp or add 'new local addresses'.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
( .. ) ecki@{lina.inka.de,linux.de} http://home.pages.de/~eckes/
o--o *plush* 2048/A2C51749 eckes@irc +4972573817 *plush*
(O____O) If privacy is outlawed only Outlaws have privacy
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: