Date: Sat, 20 Sep 1997 23:02:07 +0200 (MET DST)
From: Eivind Eklund <perhaps@yes.no>
To: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru>
Cc: hackers@FreeBSD.ORG, brian@awfulhak.org, brian@FreeBSD.ORG
Subject: Re: ppp restrictions
Message-ID: <199709202102.XAA18140@bitbox.follo.net>
In-Reply-To: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?='s message of Fri, 19 Sep 1997 16:53:59 +0400 (MSD)
References: <199709191130.MAA26624@awfulhak.demon.co.uk> <Pine.BSF.3.96.970919164757.22525A-100000@lsd.relcom.eu.net>

> On Fri, 19 Sep 1997, Brian Somers wrote:
> > I think the best place to discuss this is on -hackers. Some people
> > think that ppp should not be suid at all, others like it the way it
> > was....

The way it was is IMHO unacceptable. It is a huge security hole,
similar to sticking the root password in a world-readable file in a
slightly hidden location - acceptable in many situations, but not a
way we can live with shipping systems.

> Too many things work only from root, it is not flexible. Let's consider
> suid abilities with and without suid requirements. If we have suid
> abilities without suid requirement, we need yet one level of restriction
> to separate them from normal user, it is "network" group currently. If we
> have suid requirements, we don't need "network" group and return to old
> model where all things are done from root.

I like the present model. It allows you to be as strict (or not) as
you want, but defaults to a secure value. "Principle of least
surprise" indicates that users shouldn't be able to change routes;
them doing that is more surprising than not being able to run PPP
(which is easy enough to fix).

Eivind.