From owner-freebsd-hackers  Wed Jun 21 12:19:39 1995
Return-Path: hackers-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id MAA12003
          for hackers-outgoing; Wed, 21 Jun 1995 12:19:39 -0700
Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id MAA11983
          for <freebsd-hackers@freebsd.org>; Wed, 21 Jun 1995 12:19:30 -0700
Received: from sax.sax.de by irz301.inf.tu-dresden.de with SMTP
	(5.67b+/DEC-Ultrix/4.3) id AA03594; Wed, 21 Jun 1995 21:18:14 +0200
Received: by sax.sax.de (8.6.12/8.6.12-s1) with UUCP
	id VAA21914; Wed, 21 Jun 1995 21:18:09 +0200
Received: (from j@localhost) by uriah.heep.sax.de (8.6.11/8.6.9) id TAA20917; Wed, 21 Jun 1995 19:15:39 +0200
From: J Wunsch <j@uriah.heep.sax.de>
Message-Id: <199506211715.TAA20917@uriah.heep.sax.de>
Subject: Re: PPP password security
To: freebsd-hackers@freebsd.org (FreeBSD hackers)
Date: Wed, 21 Jun 1995 19:15:38 +0200 (MET DST)
Cc: brian@beru.wustl.edu (Brian L Gottlieb)
Reply-To: freebsd-hackers@freebsd.org (FreeBSD hackers)
In-Reply-To: <199506211349.OAA19860@whisker.internet-eireann.ie> from "Jordan K. Hubbard" at Jun 21, 95 02:49:03 pm
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
X-Phone: +49-351-2012 669
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Content-Length: 1058      
Sender: hackers-owner@freebsd.org
Precedence: bulk

As Jordan K. Hubbard wrote:
> 
> From: brian@beru.wustl.edu (Brian L Gottlieb)
> Newsgroups: comp.unix.bsd.freebsd.misc
> Subject: PPP login script security
> Date: 20 Jun 1995 17:40:02 GMT
> 
> Has anyone been doing any work towards this?  One idea I had was to
> have the password in /etc/ppp.secret be encrypted. 

See my Usenet reply to Brian.  His proposal would only move the
vulnerability to the security of the encryption key instead of the
plaintext file (since the daemon needs to know the encryption key).

It's a long-standing tradition to store remote passwords in plaintext
(/etc/uucp/systems etc.), and i don't see a problem as long as the
files are mode 0600 and owned by a `trusted' user.  If you cannot
trust root, forget about Unix security.

Perhaps all those programs should refuse to work if they detect
insecure files containing the password (like the .rhosts and .netrc
permission checks).

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/
Never trust an operating system you don't have sources for. ;-)