Re: Bug#4673: ppp insecure

To: Debian developers list <debian-devel@lists.debian.org>
Subject: Re: Bug#4673: ppp insecure
From: Ian Jackson <ian@chiark.greenend.org.uk>
Date: Mon, 18 Nov 96 01:23 GMT
Message-id: <m0vPIRC-0004PZC@chiark.greenend.org.uk>

Christoph Lameter:
> [Ian Jackson:]
> >with these security considerations in mind.  On two of my systems a
> >user who can run pppd can break root.
> 
> How?

Because I use ppp as part of a supposedly-secure tunnel between two
machines so that I can do remote admin.  If users can invoke pppd they
can probably gain control of an IP# that my security configuration
thinks is in the protected, secure space.

> Even the dip solution is a big problem for us here. We have to put 750
> users into the dip group to make it work.

You didn't really need to do this.  You could, for example, have made
your own setuid wrapper.

Ian.

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

Follow-Ups:
- Re: Bug#4673: ppp insecure
  - From: Christoph Lameter <clameter@waterf.org>

Prev by Date: Re: X Configuration Interface for Debian
Next by Date: Re: X Configuration Interface for Debian
Previous by thread: Re: Bug#4673: ppp insecure
Next by thread: Re: Bug#4673: ppp insecure
Index(es):
- Date
- Thread