Date: Thu, 7 Nov 1996 18:40:02 -0800 (PST) From: John-Mark Gurney <jmg@nike.efn.org> To: freebsd-bugs Subject: Re: bin/1973: pppd uses /etc/ppp/options.tty after command line args Message-ID: <199611080240.SAA00402@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/1973; it has been noted by GNATS.
From: John-Mark Gurney <jmg@nike.efn.org>
To: Chris Timmons <skynyrd@tahoma.cwu.edu>
Cc: FreeBSD-gnats@freefall.FreeBSD.org,
GNATS Management <gnats@freefall.FreeBSD.org>,
freebsd-bugs@freefall.FreeBSD.org
Subject: Re: bin/1973: pppd uses /etc/ppp/options.tty after command line args
Date: Thu, 7 Nov 1996 18:30:32 -0800 (PST)
On Thu, 7 Nov 1996, Chris Timmons wrote:
>
> Hmmm... smells like a feature to me. From pppd(8):
>
> /etc/ppp/options.ttyname
> System default options for the serial port being
> used, read after command-line options.
>
> ... which leads me to believe that the intention is to provide a mechanism
> whereby the system administrator can lock-down certain options, like the
> IP address that a normal user can't override.
>
> If your change is committed, how else might an adminstrator lock down
> options?
actually... I just realized this... and so what I was thinking about
doing was to provide an option to read the options.tty file before the
commandline args... and in my environment they can't run pppd manually so
it's not a security risk...
so does the option to turn on reading option.ttys before commandline args
sound good? ttyl..
> On Thu, 7 Nov 1996, John-Mark Gurney wrote:
>
> >
> > >Number: 1973
> > >Category: bin
> > >Synopsis: pppd uses /etc/ppp/options.tty after command line args
> > >Confidential: no
> > >Severity: serious
> > >Priority: medium
> > >Responsible: freebsd-bugs
> > >State: open
> > >Class: sw-bug
> > >Submitter-Id: current-users
> > >Arrival-Date: Thu Nov 7 15:00:01 PST 1996
> > >Last-Modified:
> > >Originator: John-Mark Gurney
> > >Organization:
> > Cu Networking
> > >Release: FreeBSD 2.2-960801-SNAP i386
> > >Environment:
> >
> > a ppp server that is doing "dynamic" ip via /etc/ppp/options.tty files and
> > wants to allow some others to connect a network overriding the ip address
> > in options.tty file on the command line...
> >
> > machine is a cut down termserver
> >
> >
> > >Description:
> >
> > when you try to override options that are specified in options.<tty> from the
> > command line you find you can't...
> >
> >
> >
> > >How-To-Repeat:
> >
> > create a /etc/ppp/options.<tty> file with something like
> > :1.2.3.4
> > and then run:
> > pppd :1.2.3.5
> > you will find that when you connect you will end up with 1.2.3.4 as your ip
> > address instead of 1.2.3.5... which you would expect...
> >
> >
> > >Fix:
> >
> > apply this patch... (basicly swap reading sequence of options:
> >
> > Index: main.c
> > ===================================================================
> > RCS file: /usr/cvs/src/usr.sbin/pppd/main.c,v
> > retrieving revision 1.5
> > diff -c -r1.5 main.c
> > *** main.c 1995/10/31 21:21:26 1.5
> > --- main.c 1996/11/07 10:19:59
> > ***************
> > *** 191,198 ****
> >
> > if (!options_from_file(_PATH_SYSOPTIONS, REQ_SYSOPTIONS, 0) ||
> > !options_from_user() ||
> > ! !parse_args(argc-1, argv+1) ||
> > ! !options_for_tty())
> > die(1);
> > check_auth_options();
> > setipdefault();
> > --- 191,198 ----
> >
> > if (!options_from_file(_PATH_SYSOPTIONS, REQ_SYSOPTIONS, 0) ||
> > !options_from_user() ||
> > ! !options_for_tty() ||
> > ! !parse_args(argc-1, argv+1))
> > die(1);
> > check_auth_options();
> > setipdefault();
> >
> >
> > >Audit-Trail:
> > >Unformatted:
> >
>
>
John-Mark
gurney_j@efn.org
http://resnet.uoregon.edu/~gurney_j/
Modem/FAX: (541) 683-6954 (FreeBSD Box)
Live in Peace, destroy Micro$oft, support free software, run FreeBSD (unix)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611080240.SAA00402>