Am Samstag, 16. August 2003 21:20 schrieb Diego Iastrubni:
> בשבת, 16 באוגוסט 2003, 21:25, Steffen Barszus כתב:
> > Am Samstag, 16. August 2003 19:13 schrieb Olivier Blin:
> > > Hi
> > >
> > > kppp has root suid, is it really necessary ?
> > > pppd has already root suid, shouldn't it be be enough ?
> >
> > pppd setuid root => pppd has access to all files it needs as well as
> > devices and is able to set the route
> > kppp setuid root => using pppd as you were root, needed since using pppd
> > as user you have only limited access to pppd. you can only dial with
> > peerscripts and not set priviliged options. So kppp not running setuid
> > root would result in not beeing able to use it at all.
> >
> > Steffen
>
> but if kppp is run as normal user, and then it invokes pppd which is suid
> root, then pppd will become root no?
What I mean is the following (man pppd):
As indicated above, some security-sensitive options are privileged,
which means that they may not be used by an ordinary non-privileged
user running a setuid-root pppd, either on the command line, in the
user's ~/.ppprc file, or in an options file read using the file option.
Privileged options may be used in /etc/ppp/options file or in an
options file read using the call option. If pppd is being run by the
root user, privileged options can be used without restriction.
If pppd is setuid root it has access as if it is root, but it is not run as if
root has started it.
Steffen
