ppp security problem?

To: debian-devel@lists.debian.org
Subject: ppp security problem?
From: Lee Bradshaw <lee@sectionIV.com>
Date: Tue, 20 Jul 1999 23:22:48 -0400
Message-id: <[🔎] 19990720232248.A2512@freefall.home.sectionIV.com>
Mail-followup-to: debian-devel@lists.debian.org

Hi,

I just removed and reinstalled ppp and ppp-pam to check this problem
wasn't caused by me modifying the configuration. The pap-secrets file
claims that the options file should have the login option enabled or
users will be able to login without a password. The options file does
not have the option enabled. The options file does claim that mgetty
provides this option. It seems like the descriptions need to be changed
or there is a security problem. Any comments before I file a bug?

/etc/ppp/pap-secrets:
=====================
# ATTENTION: The definitions here can allow users to login without a
# password if you dont use the login option of pppd!
# The /etc/ppp/options file installed has the login option enabled

/etc/ppp/options:
=================
# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dialin from users using a script under Linux to fire up ppp wont work.
# login

-- 
Lee Bradshaw                 lee@sectionIV.com (preferred)
Alantro Communications       lee@alantro.com

Reply to:

Follow-Ups:
- Re: ppp security problem?
  - From: Lee Bradshaw <lee@sectionIV.com>

Prev by Date: Re: SPAM from Red Hat
Next by Date: Re: ppp security problem?
Previous by thread: Re: New PGP Keys
Next by thread: Re: ppp security problem?
Index(es):
- Date
- Thread