
Re: /etc/ppp/pap-secrets is read/writable only by root



> Couldn't we just have something in /etc/ppp/options, which enables/disables
> the user's ability to use +ua?  I would certainly enable that option on my
> system, while I can easily see reasons for big servers to disable it.

Well it seems like a valid idea, but as a reasonably paranoid sysadmin, I'd 
rather not have yet another loop-hole to worry about.

I just got some mail from Al Longyear (upstream Linux PPP maintainer) about 
this, in which he spelt out some reasons for not doing this.  The most 
powerful of which IMO is that it would allow normal users to cause pppd to 
read any file on the system, which is a security problem just waiting to 
happen.

Are there really that many sites that trust their users enough to give them 
``ppp +ua'', but not enough to allow them to run wvdial under sudo?

I would think that in general running wvdial once as root to set up the link, 
and then allowing users to use that link (as is possible already) would be the 
way to go.

Cheers, Phil.

