Date:      Fri, 19 Sep 1997 16:53:59 +0400 (MSD)
From:      =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru>
To:        FreeBSD-Hackers List <hackers@freebsd.org>, Brian Somers <brian@awfulhak.org>
Cc:        brian@freebsd.org
Subject:   Re: ppp restrictions 
Message-ID:  <Pine.BSF.3.96.970919164757.22525A-100000@lsd.relcom.eu.net>
In-Reply-To: <199709191130.MAA26624@awfulhak.demon.co.uk>

On Fri, 19 Sep 1997, Brian Somers wrote:

> > On Fri, 19 Sep 1997, Brian Somers wrote:
> > 
> > > Without this restriction, any member of group network can alter the 
> > > routing table.
> > 
> > Hmm. What is the network group for? From the name, it is supposed that they can
> > change such things as the routing table, etc., network stuff.
> > 
> > > :-(  Personally, I have a little program (enclosed FYI) that 
> > > circumvents all of this - not just for ppp, but for all this sort of 
> > > stuff.
> > 
> > You just demonstrated the first bad effect of this change. Many people in the real
> > world will make a similar program to compensate for this change and
> > introduce an even bigger security problem than there was before under the network group
> > restriction completely.
> 
> I think the best place to discuss this is on -hackers.  Some people 
> think that ppp should not be suid at all, others like it the way it 
> was....

Too many things work only from root; it is not flexible. Let's consider
suid abilities with and without suid requirements.  If we have suid
abilities without a suid requirement, we need one more level of restriction
to separate them from the normal user; it is the "network" group currently. If we
have suid requirements, we don't need the "network" group and return to the old
model where all things are done from root.
 
> Shall we continue the discussion there ?  I'm easy either way.

Ok, let it be -hackers.

-- 
Andrey A. Chernov
<ache@null.net>
http://www.nagual.pp.ru/~ache/



