>>One could make the uid of the account zero to achieve this without >>making pppd setuid, though I can imagine this making people jump up >>and down about security - can anyone think of an attack on this? > >If the user figures a way to change their shell, you're dead.
Quite so. Similarly if there's a way of running a shell under a uid provided you know the appropriate password. AFAICT su is safe against this as long as pppd (or whatever script one uses) isn't in /etc/shells. I'd be very wary indeed of actually *trying* this! - Richard -- http://www.elmail.co.uk/staff/richard/ GCS d- s+:- a-- C++ ULVS+++$ P+++ L++ E++ W(++,--) N(++,+) o? K w--- O? M- V? PS(+,+++) PE Y+ PGP+ t- 5++ X+@ R tv--- b++>++++ DI+ D+ G e++ h r% y++