Re: PPP as normal user
Martin writes:
> But this is strange. pppd is setuid root. So it should be able to
> read any file, right?
/etc/chatscripts/provider is read by chat, not pppd. pppd forks and exec's
chat via these lines:
setuid(getuid()); setgid(getgid()); execl("/bin/sh", "sh", "-c", program, (char *)0);
Thus chat gets run with the uid of the user, not root. More security.
Remember that the 'connect' command can be given on the command line.
Without the above precautions, I could run 'pppd connect get_root' and have
the 'get_root' script run setuid root.
--
John Hasler
john@dhh.gt.org (John Hasler)
Dancing Horse Hill
Elmwood, WI
Reply to: