[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#4673: ppp insecure


Ian Jackson in Debian-Bug#4673
> Furthermore, I have doubts as to whether pppd was designed to be
> installed setuid.  Are there any facilities for limiting which options
> can be set by unprivileged users, and if not why are they not
> documented ?

I checked this in source and I'm not sure about it. The connector and
disconnector (chat) scripts are run in user context. ip-up and down which
are run by root are not configurable by th user. With the global options
file you can prevent the user from setting the default route (-defaultroute)
and from picking a random our_name (Together with requiring auth I think
this might prevent picking random addresses as long as there is no wildcard
entry in pap/chap secrets, yes?).

This means:

should stop most danger from local user avle to execute SUID pppd. But I'm
not sure about that topic (cc: linux-ppp@vger.rutgers.edu).

> It seems likely to me that pppd wasn't designed for setuid use and
> that installing it setuid will allow any user to get root by for
> example having pppd write logs to unusual places or whatever.

The 'only' thing I can think of are 'unsecure' /etc/ppp/options files which
allows local users to damage routing, arp or add 'new local addresses'.

  (OO)      -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
 ( .. )   ecki@{lina.inka.de,linux.de}  http://home.pages.de/~eckes/
  o--o     *plush*  2048/A2C51749  eckes@irc  +4972573817  *plush*
(O____O)       If privacy is outlawed only Outlaws have privacy

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: