Professional Web Applications Themes

Security problem is rp-pppoe - Linux Setup, Configuration & Administration

Hi, My Mandrake 9.1 PC has an ADSL Internet connection using PPPoE. I use rp-pppoe and it works fine for me but I can't see why I have to run its commands as root. Specifically, why do I have to enter the root password WHILE CONNECTED to the Internet in order to shut down my connection ("adsl-stop"). I consider it as a serious security problem and wish I could avoid it. Please advise. Thanks in adavance....

  1. #1

    Default Security problem is rp-pppoe

    Hi,
    My Mandrake 9.1 PC has an ADSL Internet connection using PPPoE.
    I use rp-pppoe and it works fine for me but I can't see why I have to
    run its commands as root.
    Specifically, why do I have to enter the root password
    WHILE CONNECTED to the Internet in order to shut down my
    connection ("adsl-stop"). I consider it as a serious
    security problem and wish I could avoid it.

    Please advise.
    Thanks in adavance.
    Michael Guest

  2. #2

    Default Re: Security problem is rp-pppoe


    "Michael Badt" <net.il> wrote in message
    news:net.il... 

    I've never looked at this code, but I think this probably because it would be
    difficult to implement code for this to work as a non-root user. As I'm sure it has
    many kernel hooks.

    You could set up sudo for this command, if you just really don't want to run as
    root. Which is good practice, but most people don't even consider it. You may be
    able to setuid the commands as well.

    Eric
     


    Eric Guest

  3. #3

    Default Re: Security problem is rp-pppoe

    Michael Badt wrote:
     

    While I don't know about ADSL, you can certainly configure the ethernet
    interface, so that it can be shut down by a user. The same applies to any
    other interface I've used, including wireless and a VPN. Look in
    /etc/sysconfig/network-scripts for the device ifcfg file. If there's a
    line "USERCTL=yes", then a user can control the interface.


    --

    Fundamentalism is fundamentally wrong.

    To reply to this message, replace everything to the left of "" with
    james.knott.
    James Guest

  4. #4

    Default Re: Security problem is rp-pppoe

    Michael Badt <net.il> wrote:
     

    If pppd is suid root then you shouldn't need to be root, provided
    the execute permissions for it and the commands (scripts?) allow
    regular users to run them. Some people think that setting pppd
    suid root is not a good idea, but I see nothing wrong with it in
    a trusted environment.
     

    Perhaps the creator of adsl-stop didn't want just anyone to be able
    to break the connection, which could be serving more than one user.
    If it's a script then you may be able to edit and change it so that
    you aren't required to enter the root password.

    --
    Clifford Kite Email: "echo arg|rot13"
    PPP-Q&A links, downloads: http://ckite.no-ip.net/
    /* Those who can't write, write manuals. */
    Clifford Guest

  5. #5

    Default Re: Security problem is rp-pppoe

    On Sun, 28 Sep 2003 06:39:22 +0300, Michael Badt wrote:
     

    Because only root can bring up or shut down :
    1. the pseudo-tty and it's associated program that sends out ethernet
    frames.
    2. the pppd daemon that must attach to that pseudo-tty.



    Why do you consider it a security risk? Have you not secured your system
    as yet?









    joseph Guest

  6. #6

    Default Re: Security problem is rp-pppoe

    Thank you all !

    I'll definitely try to make good use of your advices.

    Michael Badt


    On Sun, 28 Sep 2003 10:31:36 -0400, joseph philip wrote:
     
    >
    > Because only root can bring up or shut down : 1. the pseudo-tty and it's
    > associated program that sends out ethernet frames.
    > 2. the pppd daemon that must attach to that pseudo-tty.
    >
    >
    >
    > Why do you consider it a security risk? Have you not secured your system
    > as yet?[/ref]

    Michael Guest

Similar Threads

  1. PPPOE
    By Julie in forum Windows Networking
    Replies: 7
    Last Post: August 13th, 01:37 AM
  2. PPPoE seems to work, but no DNS
    By Will Hartung in forum Sun Solaris
    Replies: 1
    Last Post: July 30th, 12:41 AM
  3. pppoe problems Red Hat 9.0
    By abdullah in forum Linux Setup, Configuration & Administration
    Replies: 0
    Last Post: July 25th, 01:54 PM
  4. PPPoE problem
    By Dave in forum Windows Networking
    Replies: 0
    Last Post: July 8th, 12:54 PM
  5. pppoe and wan minport
    By larry koppelman in forum Windows Networking
    Replies: 0
    Last Post: July 3rd, 09:22 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139