On 2009-01-04, patrick keshishian <[email protected]> wrote:
> Hi,
>
> I'm curious about why privileges are revoked before executing
> ip-{up,down} scripts?
>
> "ROUTING" section of pppd(8) says:
>
> +--- pppd(8)
> | When IPCP negotiation is completed successfully,
> | pppd will inform the kernel of the local and remote
> | IP addresses ... to create a host route to the remote
> | end ... which will enable the peers to exchange IP
> | packets. Communication with other machines generally
> | requires further modification to routing tables. In
> | most cases the defaultroute [is] sufficient for this,
> | but in some cases further intervention is required.
> | The /etc/ppp/ip-up script can be used for this.
> +-
>
> However, if ip-up is to change the routing table it will require
> root privilege.
>
> Am I missing something?
>
> --patrick
>
>
Looks like a bug to me. The actual behaviour is not what is documented
in the SCRIPTS section of the manual "The scripts are executed as root
(with the real and effective user ID set to 0)".
Upstream (now hosted at ppp.samba.org) changed this to setuid(0), we
haven't synced since then.
- (void) chdir ("/"); /* no current directory. */
- setuid(geteuid());
+ (void) chdir ("/"); /* no current directory. */
+ setuid(0); /* set real UID = root */
http://git.ozlabs.org/?p=ppp.git;a=commit;h=a00baab063b349591289cbde22ab40cf80b8f0af
We changed to use setresuid() rather than setuid(), but this didn't change
behaviour here. I guess many people will run pppd as root so they won't
notice the problem (afaict, it only happens if you start as a non-root
member of the group "network").
