[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pppd / pon problem

On Tue, Jun 01, 1999 at 04:33:50PM -0500, John Hasler wrote
> Robert writes:
> > Is it [/etc/ppp being root.root] a bug?
> 
> Yes.  It should be root.dip .
> 
> > Seems like the default for allowing a ppp dial out would be up to the
> > admin and not users?
> 
> It is.  The admin decides which users to put in the dip group.
> 

Maybe things have changed since I installed PPP, but on my home system
/etc/ppp is owned root:root and has permissions 700.  Users who are in the
dip group can use PPP, because pppd is owned root:dip and has permissions 
4754 (suid root, executable by group).

Having /etc/ppp owned by root:dip and group readable is, in my opinion, bad.
Setting it up that way allows any user that you trust to use *any* PPP
account to read stuff in /etc/ppp, which may include stuff you don't want
them to see (like pap-secrets).  On a single-user machine it's not so bad,
but unless things have changed since 2.2.5-3 it is unnecessary and
potentially dangerous.


John P.
-- 
huiac@camtech.net.au
john@huiac.apana.org.au
"Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
Reply to: