On 25-Mar-01 Howard Lowndes wrote:
> On my dial in connection I have mgetty listening to answer the RING from
> the modem, the user authenticates and then pppd is called, but the
> connection fails and the log shows that the failure is either because the
> user is not root or pppd is not suid.
>
> When I suid pppd it all works.
>
> Now I am not too happy about suid pppd, is it a security hole?
at present, there are no known security holes/buffer overruns/exploits
(take your pick) for pppd.
however, it is the case that any suid program that is compromised will
almost certainly (and immediately, to the knowledgeable) be used as a
root exploit.
It is for this reason that RH (circa 5.x releases I think) removed the suid
bit on pppd (I think that the original package still installs it suid
though).
> How can I overcome the problem otherwise?
there are multiple ways, the more common are to:
- suid root pppd
- sgid <new ppp group> pppd, and add all pppd users to that group.
> How come the suid that I put on pppd last time this happened got wiped off
> when I rebooted this box. (It's RH6.2)
probably linuxconf. linuxconf notices that the permissions don't match
the installed ones, and "tries to fix things for you".
This is especially true if you run linuxconf, and upon exit it tells
you it has things to do, and you say "ok, do it" (instead of "exit").
I use the suid root on pppd and while linuxconf complains from time to time,
I never let it "fix" it. I also mount /usr "ro", which will prevent linuxconf
(or anyone else, for that matter, assuming that root has not been
compromised, of course) from messing w/ my permissions.
rgds,
-Greg
+---------------------------------------------------------------------+
"DOS Computers manufactured by companies such as IBM, Compaq, Tandy, and
millions of others are by far the most popular, with about 70 million
machines in use worldwide. Macintosh fans, on the other hand, may note that
cockroaches are far more numerous than humans, and that numbers alone do
not denote a higher life form." (New York Times, November 26, 1991)
| Greg Hosler i-net: [EMAIL PROTECTED] |
+---------------------------------------------------------------------+
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
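The two alternatives Greg lists (suid root pppd, or sgid to a dedicated ppp group whose members are the dial-in users), plus a check for which privilege bits a binary actually carries, as a small shell script. This is an added example, not code from the thread; it assumes GNU coreutils and findutils, and PPPD and PPP_GROUP are placeholder values.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils (stat -c, chmod
# symbolic modes) and findutils. PPPD and PPP_GROUP are placeholders.
PPPD=${PPPD:-/usr/sbin/pppd}
PPP_GROUP=${PPP_GROUP:-pppusers}

# Print "setuid|setgid|setuid+setgid|none owner:group" for a file.
# "setuid root:..." is the case the reply warns about: a compromise of
# that program is immediately a root compromise.
classify_privilege() {
    f=$1
    set -- $(stat -c '%a %U %G' "$f")    # octal mode, owner, group
    case "$1" in
        4???|5???) bits=setuid ;;
        2???|3???) bits=setgid ;;
        6???|7???) bits=setuid+setgid ;;
        *)         bits=none ;;
    esac
    echo "$bits $2:$3"
}

# Option 1 from the reply: setuid root (any local user may then run it).
make_suid_root() {
    chmod u+s "$1"
}

# Option 2 from the reply: drop setuid, setgid to a dedicated group, and
# let only that group execute it. Dial-in users are then added with
# "usermod -a -G $PPP_GROUP <user>" (and /usr mounted ro keeps linuxconf
# from silently resetting the mode, as the reply notes).
restrict_to_group() {
    chgrp "$2" "$1" && chmod u-s,g+s,o-rwx "$1"
}

# Audit helper: list every setuid file under a directory tree, so a
# permission that linuxconf or a package upgrade changed is noticed.
list_setuid() {
    find "$1" -xdev -type f -perm -4000
}

# Report on the real binary when it exists on this host.
if [ -e "$PPPD" ]; then
    classify_privilege "$PPPD"
fi
```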