[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /etc/ppp/pap-secrets is read/writable only by root

On Tue, Feb 10, 1998 at 11:48:55AM +0000, Philip Hands wrote:

> Well it seems like a valid idea, but as a reasonably paranoid sysadmin, I'd 
> rather not have yet another loop-hole to worry about.
> I just got some mail from Al Longyear (upstream Linux PPP maintainer) about 
> this, in which he spelt out some reasons for not doing this.  The most 
> powerful of which IMO is that it would allow normal users to cause pppd to 
> read any file on the system, which is a security problem just waiting to 
> happen.

Well, naturally we would expect pppd to switch to the user's uid before
reading any file specified by the user, the same way that smail switches to
the user's uid before running commands in his .forward file.

> Are there really that many sites that trust their users enough to give
> them ``ppp +ua'', but not enough to allow them to run wvdial under sudo ?
> I would think that in general running wvdial once as root to set up the
> link, and then allowing users to use that link (as is possible already)
> would be the way to go.

Okay, you win.  After reading this and several other arguments, I think
updating the secrets file once as root on most systems is a reasonable idea. 
In particular, completely non-paranoid sysadmins (like me on my own system)
can just make their pap-secrets writable by the 'dip' group and it won't
really be any worse than making +ua available.

Have fun,


TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: