Re: /etc/ppp/pap-secrets is read/writable only by root

To: debian-devel@lists.debian.org
Subject: Re: /etc/ppp/pap-secrets is read/writable only by root
From: Carey Evans <c.evans@clear.net.nz>
Date: 08 Feb 1998 16:13:38 +1300
Message-id: <[🔎] 87d8gyu6u5.fsf@psyche.evansnet>
In-reply-to: Avery Pennarun's message of Sat, 7 Feb 1998 20:33:25 -0500 (EST)
References: <[🔎] Pine.LNX.3.96.980207201033.30740F-100000@discovery.worldvisions.ca>

Avery Pennarun <apenwarr@worldvisions.ca> writes:

> The problem is that pppd 2.3 no longer provides the "+ua" option, and so
> /etc/ppp/pap-secrets and /etc/ppp/chap-secrets must be modified by wvdial in
> order for it to work.
> 
> However, the ppp package provides /etc/ppp/{pap,chap}-secrets as mode 0600,
> owned by root.  Thus, wvdial, which otherwise could run as a normal user
> (and call a setuid pppd when necessary) must now run as root.

It is also possible to put something like:

c.evans clear   @/home/carey/etc/clear.pass
evansc  prgsrv1 @/home/carey/etc/prg.pass

to store the passwords elsewhere.  However, unless it's changed
recently, *any* user can read these passwords if they can set (e.g.)
user and remotename, even with permissions set to 600.  These are now
privileged if noauth is included, so I don't think it's actually a
problem if things are set up well.

This might not make things much easier though.

-- 
	 Carey Evans  http://home.clear.net.nz/pages/c.evans/

	  GNU GPL: "The Source will be with you... always."

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- /etc/ppp/pap-secrets is read/writable only by root
  - From: Avery Pennarun <apenwarr@worldvisions.ca>

Prev by Date: Re: Intent to package bo-upgrade (autoup.sh)
Next by Date: package bo-upgrade
Previous by thread: /etc/ppp/pap-secrets is read/writable only by root
Next by thread: Re: /etc/ppp/pap-secrets is read/writable only by root
Index(es):
- Date
- Thread