Re: /etc/ppp/pap-secrets is read/writable only by root
On 7 Feb 1998 john@dhh.gt.org wrote:
> > However, the ppp package provides /etc/ppp/{pap,chap}-secrets as mode
> > 0600, owned by root. Thus, wvdial, which otherwise could run as a normal
> > user (and call a setuid pppd when necessary) must now run as root.
[...]
>
> A suid program to edit /etc/ppp/{pap,chap}-secrets. As I am about finished
> with my pppconfig program and my package 'dunc'suffers from the same
> problem, I will start work on this ASAP. This will initially be a C
> wrapper around an ed script, and do nothing but add or remove the string
> given on the command line.
When I first read this, I thought: "Hey, why didn't I think of that?"
However, while it sounds like a clever solution, I think it's the wrong one.
You'll probably set it setuid root, gid dip, executable only by users in the
'dip' group.
Problem is, that's exactly equivalent to providing the "+ua" option right in
pppd, except that it's a hack. The point of removing +ua was presumably to
prevent normal users from providing their own authentication information
(though I fully agree that in many cases, this _is_ desirable).
I would politely suggest that, rather than producing Yet Another Setuid
Program, you simply modify pppd to include +ua again. I doubt it would be
any more difficult. I wish the upstream pppd authors would answer my
e-mail, though.
Thanks for your input though,
Avery
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: