Re: pppd and setuidness (was Re: 3 Questions)
>>One could make the uid of the account zero to achieve this without
>>making pppd setuid, though I can imagine this making people jump up
>>and down about security - can anyone think of an attack on this?
>
>If the user figures a way to change their shell, you're dead.
Quite so. Similarly if there's a way of running a shell under a uid
provided you know the appropriate password. AFAICT su is safe against
this as long as pppd (or whatever script one uses) isn't in
/etc/shells.
I'd be very wary indeed of actually *trying* this!
- Richard
--
http://www.elmail.co.uk/staff/richard/
GCS d- s+:- a-- C++ ULVS+++$ P+++ L++ E++ W(++,--) N(++,+) o? K w---
O? M- V? PS(+,+++) PE Y+ PGP+ t- 5++ X+@ R tv--- b++>++++ DI+ D+ G e++
h r% y++
Reply to: