Philip Hands wrote:
> The answer is that there is sensitive information under that directory
> (pap & chap passwords etc). OK, so you might argue that only the
> password files need to be restricted, but IIRC there is some
> information that can be gleaned by having search access to the
> directory --- the fact of the existence of {p,ch}ap-secrets perhaps,
> but I seem to remember it was more serious than that.

Indeed all those files exist by default after the package is installed, and are mode 600 root.dip (odd).

> Presumably all those bug reports are lost in the mists of time?

Sadly yes. I have reassigned the couple of bugs I opened on this issue back to ppp, and IMHO it should be changed to use 755 directories unless you remember why not. As has been pointed out, many Debian systems get exim installed first anyway and so get a 755 /etc/ppp.

> Anyway, why are the permissions a problem? Given that anyone that
> needs to do ppp dialing should be in the dip group, they will be able
> to read that directory, no?

My sense of aesthetics is hurt by having Debian installs randomly having different directory permissions. Here it seems to be 50/50 among my various installs and chroots whether /etc/ppp is 755 or 750. I can't think of any bugs offhand, but it is at least inconsistent to users not in the dip group whether they can poke around in the directory or not.

--
see shy jo