[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /etc/ppp/pap-secrets is read/writable only by root

Avery Pennarun <apenwarr@worldvisions.ca> writes:

> The problem is that pppd 2.3 no longer provides the "+ua" option, and so
> /etc/ppp/pap-secrets and /etc/ppp/chap-secrets must be modified by wvdial in
> order for it to work.
> However, the ppp package provides /etc/ppp/{pap,chap}-secrets as mode 0600,
> owned by root.  Thus, wvdial, which otherwise could run as a normal user
> (and call a setuid pppd when necessary) must now run as root.

It is also possible to put something like:

c.evans clear   @/home/carey/etc/clear.pass
evansc  prgsrv1 @/home/carey/etc/prg.pass

to store the passwords elsewhere.  However, unless it's changed
recently, *any* user can read these passwords if they can set (e.g.)
user and remotename, even with permissions set to 600.  These are now
privileged if noauth is included, so I don't think it's actually a
problem if things are set up well.

This might not make things much easier though.

	 Carey Evans  http://home.clear.net.nz/pages/c.evans/

	  GNU GPL: "The Source will be with you... always."

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: