Date: Wed, 21 Jun 1995 19:15:38 +0200 (MET DST) From: J Wunsch <j@uriah.heep.sax.de> To: freebsd-hackers@freebsd.org (FreeBSD hackers) Cc: brian@beru.wustl.edu (Brian L Gottlieb) Subject: Re: PPP password security Message-ID: <199506211715.TAA20917@uriah.heep.sax.de> In-Reply-To: <199506211349.OAA19860@whisker.internet-eireann.ie> from "Jordan K. Hubbard" at Jun 21, 95 02:49:03 pm
next in thread | previous in thread | raw e-mail | index | archive | help
As Jordan K. Hubbard wrote: > > From: brian@beru.wustl.edu (Brian L Gottlieb) > Newsgroups: comp.unix.bsd.freebsd.misc > Subject: PPP login script security > Date: 20 Jun 1995 17:40:02 GMT > > Has anyone been doing any work towards this? One idea I had was to > have the password in /etc/ppp.secret be encrypted. See my Usenet reply to Brian. His proposal would only move the vulnerability to the security of the encryption key instead of the plaintext file (since the daemon needs to know the encryption key). It's a long-standing tradition to store remote passwords in plaintext (/etc/uucp/systems etc.), and i don't see a problem as long as the files are mode 0600 and owned by a `trusted' user. If you cannot trust root, forget about Unix security. Perhaps all those programs should refuse to work if they detect insecure files containing the password (like the .rhosts and .netrc permission checks). -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199506211715.TAA20917>