
Re: permissions of /etc/ppp



Philip Hands <phil@hands.com> wrote:
> At Sat, 16 Nov 2002 18:18:37 -0500, Joey Hess wrote:
[...]
> I take it that the question is "Why is /etc/ppp only readable by
> root.dip?"

Hello,
Yes.

> The answer is that there is sensitive information under that directory
> (pap & chap passwords etc).  OK, so you might argue that only the
> password files need to be restricted, but IIRC there is some
> information that can be gleaned by having search access to the
> directory --- the fact of the existence of {p,ch}ap-secrets perhaps,
> but I seem to remember it was more serious than that.

I am sorry, we were looking for details, this is not compelling.

> Presumably all those bug reports are lost in the mists of time?

I think so.

> Anyway, why are the permissions a problem? 

Policy 11.9. Permissions and owners:
Directories should be mode 755...

About 20 packages include /etc/ppp/ in the deb and (probably) all
except pppd include it as root:root 755. If somebody installs one of
these packages (including ipppd and pppoe) before ppp the directory is
owned as root:root 755 instead of the permissions suggested by the
ppp-package.

Because exim includes /etc/ppp/ and is probably installed before ppp
(iirc alphanumeric ordering has its influence) I boldly claim that on
the majority of installations /etc/ppp/ has root:root 755, and I am
still waiting for the mass of bug reports about this.

We can either file bug reports for 20 packages, whose fix requires a
change in the postinst-script or simply use standard-perms in the
ppp-package, too.

[...]
> If you're wondering why the ability to launch ppp should be
> restricted to dip group members,
[...]

No, that was not the question.
              cu andreas
-- 
Hey, there's a balloon vending machine in the restroom!
Unofficial _Debian-packages_ of latest unstable _tin_
http://www.logic.univie.ac.at/~ametzler/debian/tin-snapshot/
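
An added example, not part of the message above or of any Debian package: a POSIX shell check for the situation the thread describes, where the mode of /etc/ppp depends on which package created it, so the pap-secrets and chap-secrets files have to be protected by their own modes. The function names audit_ppp_dir and has_bits are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). audit_ppp_dir and has_bits are
# hypothetical helper names. Usage: audit_ppp_dir [DIR], default /etc/ppp.

# True if path $1 has all permission bits of octal mask $2 set.
has_bits() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# Prints one line per finding. Returns 0 when every secrets file present
# is protected by its own mode, 1 when one is not, 2 when DIR is missing.
audit_ppp_dir() {
    dir=${1:-/etc/ppp}
    status=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi

    # Informational: which of the two states from the thread is this?
    owner=$(ls -ld "$dir" | awk '{print $3 ":" $4}')
    if has_bits "$dir" 005; then
        echo "DIR-OPEN $dir ($owner): others can list and search it"
    else
        echo "DIR-RESTRICTED $dir ($owner): others lack list or search permission"
    fi

    # The directory mode depends on install order, so each secrets file
    # has to be safe on its own.
    for name in pap-secrets chap-secrets; do
        f=$dir/$name
        [ -e "$f" ] || continue
        if has_bits "$f" 004; then
            echo "SECRET-EXPOSED $f is world-readable"
            status=1
        elif has_bits "$f" 002; then
            echo "SECRET-EXPOSED $f is world-writable"
            status=1
        else
            echo "SECRET-OK $f"
        fi
    done
    return "$status"
}
```

Source the file and run `audit_ppp_dir` with no argument to check /etc/ppp on the local system.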


