Re: PPP as normal user

To: Debian Userslist <debian-user@lists.debian.org>
Subject: Re: PPP as normal user
From: john@dhh.gt.org
Date: 27 Aug 1998 18:16:22 -0500
Message-id: <[🔎] 8790ka9fsp.fsf@hasler.dhh>
In-reply-to: Martin Bialasinski's message of 27 Aug 1998 20:43:20 +0200
References: <[🔎] E0zC3hq-0001Mg-00@brian.servis.snet> <[🔎] 877lzugt9z.fsf@haitech.martin.home>

Martin writes:
> But this is strange. pppd is setuid root. So it should be able to
> read any file, right?

/etc/chatscripts/provider is read by chat, not pppd. pppd forks and exec's
chat via these lines:

        setuid(getuid());                                                                          setgid(getgid());                                                                          execl("/bin/sh", "sh", "-c", program, (char *)0);

Thus chat gets run with the uid of the user, not root.  More security.
Remember that the 'connect' command can be given on the command line.
Without the above precautions, I could run 'pppd connect get_root' and have
the 'get_root' script run setuid root.
-- 
John Hasler
john@dhh.gt.org (John Hasler)
Dancing Horse Hill
Elmwood, WI

Reply to:

References:
- Re: PPP as normal user
  - From: servis@purdue.edu
- Re: PPP as normal user
  - From: Martin Bialasinski <martin@internet-treff.uni-koeln.de>

Prev by Date: Re: ping: sendto: Operation not permitted
Next by Date: Re: Debian 2.0 last, wtmp broken
Previous by thread: Re: PPP as normal user
Next by thread: Re: PPP as normal user
Index(es):
- Date
- Thread