Date: Fri, 25 Oct 2002 19:20:33 -0700 From: Brooks Davis <brooks@one-eyed-alien.net> To: Terry Lambert <tlambert2@mindspring.com> Cc: Brooks Davis <brooks@one-eyed-alien.net>, Bakul Shah <bakul@bitblocks.com>, freebsd-current@FreeBSD.ORG Subject: Re: pppd not working on latest current 2002-10-20 Message-ID: <20021025192033.A20021@Odin.AC.HMC.Edu> In-Reply-To: <3DB9F885.D0A59E87@mindspring.com>; from tlambert2@mindspring.com on Fri, Oct 25, 2002 at 07:05:57PM -0700 References: <20021025152221.A8479@Odin.AC.HMC.Edu> <200210260034.UAA03676@tonnant.cnchost.com> <20021025175921.A2761@Odin.AC.HMC.Edu> <3DB9F885.D0A59E87@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--zYM0uCDKw75PZbzx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Oct 25, 2002 at 07:05:57PM -0700, Terry Lambert wrote: > Brooks Davis wrote: > > This isn't going to have an effect on the ability to use kernel ppp for > > other things. The tty orientation of pppd and the outdated, unmodular > > design on ppp(4) have taken care of that. This patch gives people > > the functionality they want (pppd just working) without any major > > entanglements (the whole function is <20 lines). If someone > > wants to make pppd work on arbitrary devices we can deal with that when > > it happens and I frankly doubt it's ever going to since we've got > > netgraph to do that with. >=20 > Depending on the value of "sysctl kern.module_path", if the "if_ppp" > module does not exist, and one of the path components is writeable, > then this would permit you to abuse the pppd to load arbitrary modules > into the kernel. >=20 > So I understand Bakul's complaint. >=20 > But by the same token, "mount" and "ifconfig" have the same problems; > on the other hand, unlike pppd, they are not suid root. Note the getuid() check to prevent exactly this problem. If you want to keep root from loading modules, that's a kernel problem. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --zYM0uCDKw75PZbzx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9ufvwXY6L6fI4GtQRAk93AKDGr6OtRZkzThRa8OwXRGxu603OqQCgzlWx zXs2JTectkGq8Z1ALI4YwJs= =5iku -----END PGP SIGNATURE----- --zYM0uCDKw75PZbzx-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021025192033.A20021>