[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /etc/ppp/pap-secrets is read/writable only by root

On Mon, Feb 09, 1998 at 10:56:45AM +0000, Philip Hands wrote:

> > 5) Run wvdial only as root.  WvDial-0.30 will be available shortly with
> >    the ability to modify /etc/ppp/{pap,chap}-secrets whenever it has
> >    permission.
> It seems to me that the +ua option has been removed because it allows the
> possibility of a user bringing up a connection to a machine to which the
> sysadmin had not intended to allow them to connect.

Most likely.

> I would not expect many people to be paranoid enough to worry about this,
> but those that do would be upset by us re-enabling the +ua option.

Couldn't we just have something in /etc/ppp/options, which enables/disables
the user's ability to use +ua?  I would certainly enable that option on my
system, while I can easily see reasons for big servers to disable it.

> Presumably, once you've run wvdial as root once, the secrets do not need 
> modification and the link will come up if it is run non-root ?

Probably true, in the new experimental wvdial that actually updates
pap-secrets.  I suppose that's better than nothing, you're right.

> Is it enough to insist that it be run as root the first time that each 
> connection is set up ?  What other problems are caused if this is done ?

The biggest problem is what you mentioned:  there is no possibility of a
user bringing up a connection which the sys-admin had not intended them to
create.  In some environments, that kind of behaviour is desirable but a
world read/writable pap-secrets is not!



TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: