Re: Wvdial - How do you surf without being root?
Quoting Jed Strauss (strauss@peakpeak.com):
> On Fri, Mar 23, 2001 at 07:10:27AM -0500, Barry Mathieu wrote:
> > I do get some warning at connection time:
> >
> > --> PPP negotiation detected.
> > --> Warning: Could not modify /etc/ppp/pap-secrets: Permission denied
> > --> --> PAP (Password Authentication Protocol) may be flaky.
> > --> Warning: Could not modify /etc/ppp/chap-secrets: Permission denied
> > --> --> CHAP (Challenge Handshake) may be flaky.
> > --> Starting pppd at Fri Mar 23 06:35:28 2001
> >
> > But the connection works!
Well those error messages look encouraging. If wvdial is running as
an ordinary user, it should not be able to, nor should it need to,
modify those files.
> If your ISP uses PAP/CHAP or you just want to get rid of the error
> messages, chmod 660 /etc/ppp/*-secrets. I use this same method. Does
> anyone know if this is a security risk?
Whether it makes any difference or not, this is a Bad Thing:
$ strings /usr/sbin/pppd | grep "\- secret file"
Warning - secret file %s has world and/or group access
If it makes any difference, then it's a security risk because
obviously the group owner of your files is not root (which it
should be).
$ ls -l /etc/ppp/*secrets
-rw------- 1 root root 2296 May 15 2000 /etc/ppp/chap-secrets
-rw------- 1 root root 1524 Oct 19 1998 /etc/ppp/pap-secrets
is correct.
Cheers,
--
Email: d.wright@open.ac.uk Tel: +44 1908 653 739 Fax: +44 1908 655 151
Snail: David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer: These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.
Reply to: