Re: /etc/ppp/pap-secrets is read/writable only by root

On Mon, Feb 09, 1998 at 10:56:45AM +0000, Philip Hands wrote:

> > 5) Run wvdial only as root. WvDial-0.30 will be available shortly with
> > the ability to modify /etc/ppp/{pap,chap}-secrets whenever it has
> > permission.
>
> It seems to me that the +ua option has been removed because it allows the
> possibility of a user bringing up a connection to a machine to which the
> sysadmin had not intended to allow them to connect.

Most likely.

> I would not expect many people to be paranoid enough to worry about this,
> but those that do would be upset by us re-enabling the +ua option.

Couldn't we just have something in /etc/ppp/options, which enables/disables
the user's ability to use +ua? I would certainly enable that option on my
system, while I can easily see reasons for big servers to disable it.

> Presumably, once you've run wvdial as root once, the secrets do not need
> modification and the link will come up if it is run non-root ?

Probably true, in the new experimental wvdial that actually updates
pap-secrets. I suppose that's better than nothing, you're right.

> Is it enough to insist that it be run as root the first time that each
> connection is set up ? What other problems are caused if this is done ?

The biggest problem is what you mentioned: there is no possibility of a
user bringing up a connection which the sys-admin had not intended them to
create. In some environments, that kind of behaviour is desirable but a
world read/writable pap-secrets is not!

Thanks,

Avery
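
The permission state named in the subject line (secrets readable and writable only by root) can be checked with a short audit. This is an added example, not part of the original message and not code from wvdial or pppd; the function names and the optional owner-uid and directory arguments are assumptions made so the check can be exercised on scratch files.

```shell
#!/bin/sh
# Added example: audit pppd secrets files for "read/writable only by root".

# check_secret FILE [OWNER_UID]
# Returns 0 when FILE is a regular file (not a symlink) owned by OWNER_UID
# (default 0, root) with no group or other permission bits set.
# Prints the reason and returns 1 otherwise.
check_secret() {
    file=$1
    want_uid=${2:-0}

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL $file: missing, a symlink, or not a regular file"
        return 1
    fi

    # ls -ldn prints the mode string in field 1 and the numeric uid in field 3.
    set -- $(ls -ldn -- "$file")
    mode=$1
    uid=$3

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $file: owned by uid $uid, expected $want_uid"
        return 1
    fi

    case $mode in
        -???------*) echo "OK   $file: $mode uid $uid" ;;
        *) echo "FAIL $file: mode $mode grants group/other access"
           return 1 ;;
    esac
}

# audit_ppp_secrets [DIR] [OWNER_UID]
# Checks both files from the thread's {pap,chap}-secrets under DIR
# (default /etc/ppp). Returns 1 if either file fails.
audit_ppp_secrets() {
    dir=${1:-/etc/ppp}
    owner=${2:-0}
    rc=0
    for name in pap-secrets chap-secrets; do
        check_secret "$dir/$name" "$owner" || rc=1
    done
    return $rc
}

audit_ppp_secrets || echo "restore with: chown root FILE && chmod 600 FILE" >&2
```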