Date: Sun, 21 Sep 1997 02:13:07 +0200 From: Eivind Eklund <perhaps@yes.no> To: ????????????? <ache@nagual.pp.ru> Cc: hackers@FreeBSD.ORG, brian@awfulhak.org Subject: Re: ppp restrictions Message-ID: <19970921021307.02893@bitbox.follo.net> In-Reply-To: <Pine.BSF.3.96.970921030542.613A-100000@lsd.relcom.eu.net>; from ????????????? on Sun, Sep 21, 1997 at 03:08:39AM %2B0400 References: <199709202102.XAA18140@bitbox.follo.net> <Pine.BSF.3.96.970921030542.613A-100000@lsd.relcom.eu.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Sep 21, 1997 at 03:08:39AM +0400, ????????????? wrote: > On Sat, 20 Sep 1997, Eivind Eklund wrote: > > > I like the present model. It allow you to be as strict (or not) as > > you want, but default to a secure value. "Principle of least > > It is not allows to run ppp from "network" group, only from root, so it > not does what I want. Eh? Isn't it still setuid(), so network can do it? My understanding (I've not actually looked more at this, since I don't run PPP at the moment) was ppp owner root, group network, permissions 4550. Thats at least what looks reasonable; otherwise, you need root to use the program and can drop group network entirely. Eivind.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970921021307.02893>