Re: /etc/ppp/pap-secrets is read/writable only by root
Avery Pennarun <apenwarr@worldvisions.ca> writes:
> The problem is that pppd 2.3 no longer provides the "+ua" option, and so
> /etc/ppp/pap-secrets and /etc/ppp/chap-secrets must be modified by wvdial in
> order for it to work.
>
> However, the ppp package provides /etc/ppp/{pap,chap}-secrets as mode 0600,
> owned by root. Thus, wvdial, which otherwise could run as a normal user
> (and call a setuid pppd when necessary) must now run as root.
It is also possible to put something like:
c.evans clear @/home/carey/etc/clear.pass
evansc prgsrv1 @/home/carey/etc/prg.pass
to store the passwords elsewhere. However, unless it's changed
recently, *any* user can read these passwords if they can set (e.g.)
user and remotename, even with permissions set to 600. These are now
privileged if noauth is included, so I don't think it's actually a
problem if things are set up well.
This might not make things much easier though.
--
Carey Evans http://home.clear.net.nz/pages/c.evans/
GNU GPL: "The Source will be with you... always."
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: