
Re: pppd / pon problem



On Wed, Jun 02, 1999 at 07:26:17AM -0500, John Hasler wrote
> John P. writes:
> > Maybe things have changed since I installed PPP, but on my home system
> > /etc/ppp is owned root:root and has permissions 700.  Users who are in
> > the dip group can use PPP, because pppd is owned root:dip and has
> > permissions 4754 (suid root, executable by group).
> 
> With /etc/ppp root.root and 700 users can't get to the provider files in
> /etc/ppp/peers.  This means pon won't work for them.
> 

The permissions are as installed, and pppd can read /etc/ppp/peers; pon 
works for regular members of group 'dip' on my machines.

> > Having /etc/ppp owned by root:dip and group readable is, in my opinion,
> > bad.  Setting it up that way allows any user that you trust to use *any*
> > PPP account to read stuff in /etc/ppp, which may include stuff you don't
> > want them to see (like pap-secrets).
> 
> Those files are root.root and have 600 permissions.  The users can't read
> them.
> 

You are correct, but if I can lock it down I would prefer to do so. 
Accidents happen.

> > On a single-user machine it's not so bad, but unless things have changed
> > since 2.2.5-3...
> 
> Things have changed quite a bit, actually.
> 

<ahem> that should have been 2.3.5-2.  Sorry about that.

> > ...it is unnecessary and potentially dangerous.
> 
> Here are the special permissions for the ppp package.  Please point out any
> security bugs.
> 
>  chgrp dip debian/{tmp,ppp-pam}/usr/sbin/pppd
>  chmod 4754 debian/{tmp,ppp-pam}/usr/sbin/pppd
>  chmod 750 debian/tmp/etc/ppp
>  chmod 755 debian/tmp/etc/ppp/ip-up debian/tmp/etc/ppp/ip-down
>  chmod 600 debian/tmp/etc/ppp/pap-secrets
>  chmod 600 debian/tmp/etc/ppp/chap-secrets
>  chmod 640 debian/tmp/etc/ppp/peers/provider debian/tmp/etc/chatscripts/provider
>  chgrp dip debian/tmp/etc/ppp/peers/provider debian/tmp/etc/chatscripts/provider
>  chgrp dip debian/tmp/etc/ppp/peers debian/tmp/etc/chatscripts
>  chmod 2750 debian/tmp/etc/ppp/peers debian/tmp/etc/chatscripts
> 

What I don't like about this setup is that any member of group 'dip' can
read all chatscripts.  I'd prefer that they not be able to read any, but
that would appear to require either:
  - A separate group for each provider, with chatscripts chgrp'd to control
    who can see what; or
  - A setuid wrapper in place of pon[1]; or
  - Changing pppd to allow it to read the chatscript as root (if suid).


John P.
[1] Something like:
 - Verify that the invoking user is allowed to call this provider;
 - Make a temporary copy of the chatscript named for the provider, 
   owned by the invoking user, created as chmod 700;
 - Exec pppd to run the chatscript & establish the connection, setting
   ipparam to the provider name;
 - In ip-up.d, delete the chatscript identified by ipparam.
-- 
huiac@camtech.net.au
john@huiac.apana.org.au
"Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
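
Added example (not part of the original message, and not code from the ppp package): a Python check that builds a constructed sample tree with the modes quoted above and lists which files a non-owner can open directly by name, that is, without going through the setuid pppd. The temporary tree, the helper names and the stand-in uid/gid are assumptions made for illustration; only mode bits are evaluated, not ACLs.

```python
import os
import stat
import tempfile

# Constructed sample: modes copied from the quoted packaging rules, files are empty.
# Paths are relative to a temporary directory standing in for /etc.
SAMPLE = {
    "ppp": 0o750, "ppp/ip-up": 0o755, "ppp/ip-down": 0o755,
    "ppp/pap-secrets": 0o600, "ppp/chap-secrets": 0o600,
    "ppp/peers": 0o2750, "ppp/peers/provider": 0o640,
    "chatscripts": 0o2750, "chatscripts/provider": 0o640,
}
DIRS = {"ppp", "ppp/peers", "chatscripts"}

def build_sample(ppp_mode=0o750):
    """Create the sample tree; ppp_mode overrides the mode of the ppp directory."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    for rel, mode in SAMPLE.items():          # parents are listed before children
        path = os.path.join(root, rel)
        if rel in DIRS:
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, ppp_mode if rel == "ppp" else mode)
    return root

def readable_by(root, uid, gids):
    """Files under root that an unprivileged (uid, gids) can open by name."""
    def bits(st):
        # Classic class selection: owner bits, else group bits, else other bits.
        if st.st_uid == uid:
            return (st.st_mode >> 6) & 7
        return (st.st_mode >> 3) & 7 if st.st_gid in gids else st.st_mode & 7

    hits = []
    def walk(path):
        st = os.lstat(path)
        if stat.S_ISDIR(st.st_mode):
            if bits(st) & 1:                  # search (x) is enough to reach a known name
                for name in sorted(os.listdir(path)):
                    walk(os.path.join(path, name))
        elif stat.S_ISREG(st.st_mode) and bits(st) & 4:
            hits.append(os.path.relpath(path, root))
    walk(root)
    return hits

def audit(ppp_mode, in_group):
    """Run the check for a hypothetical non-owner, optionally a member of the tree's group."""
    root = build_sample(ppp_mode)
    st = os.lstat(root)
    return readable_by(root, st.st_uid + 1, {st.st_gid} if in_group else set())
```

`audit(0o750, True)` lists both provider files for a group member, while `audit(0o700, True)` leaves nothing under ppp reachable without the setuid binary.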


