udev: chown of /dev/ppp

To: debian-devel@lists.debian.org
Subject: udev: chown of /dev/ppp
From: "Hans-J. Ullrich" <hans.ullrich@loop.de>
Date: Sat, 17 Jul 2010 21:45:52 +0200
Message-id: <[🔎] 201007172145.52982.hans.ullrich@loop.de>

Hello debian-team,

I checked, that /dev/ppp is set to 600 with owner root:root.

IMO this is not a good idea. IMOI this might be cause a security hole, because 
applications, which are using /dev/ppp also must be run as root. I think, for 
a normal and unexperienbced user it is no good idea, to let him run as root, 
and of course, the other thing is, applications which a normal user is 
normally allowed to run, should be run under a dedicated group or owner.

In this case my suggestion is the following: 

Normal users, which are allowed to dial out, should be added to group 
"dialout" by root. Device /dev/ppp should be set to 660, and owner 
root:dialout. 

As /dev/ppp is created by udev (I hope I am correct here!), udev should set 
the permisions corectly by default. I thinbk, this is set by 
/lib/udev/rules.d/91-permissions.rules.

I suggest, to add these changes in the next version of udev. Doing so as a 
standard, it is easy to set all dialout applications, like kppp, umtsmon, gppp 
and other similar to execute as group "dialout".

Anyway, I will be pleased, if I could improve  debian  a little bit with my 
thoughts.


Best regards

Hans-J. Ullrich

Reply to:

Follow-Ups:
- Re: udev: chown of /dev/ppp
  - From: md@Linux.IT (Marco d'Itri)
- Re: udev: chown of /dev/ppp
  - From: Osamu Aoki <osamu@debian.org>

Prev by Date: Bug#589433: ITP: gkeyfile-sharp-1.0 -- Key-value file parser
Next by Date: Re: Policy for Linux kernel, initramfs, boot loader update process
Previous by thread: Bug#589433: ITP: gkeyfile-sharp-1.0 -- Key-value file parser
Next by thread: Re: udev: chown of /dev/ppp
Index(es):
- Date
- Thread