[414] in linux-security and linux-alert archive
PPP security hole?
daemon@ATHENA.MIT.EDU (Nick Kralevich)
Thu Oct 12 14:58:59 1995
Date: Wed, 11 Oct 1995 16:14:44 -0700 (PDT)
From: Nick Kralevich <nickkral@parker.EECS.Berkeley.EDU>
To: linux-security@tarsier.cv.nrao.edu
Summary: The current pppd, as installed by slackware and other
distributions, could allow a user to become another computer on the network.
By default, slackware installs pppd as setuid root.
caa32:~> ls -la /usr/lib/ppp/pppd
-rws--x--x 1 root bin 66564 Feb 16 1995 /usr/lib/ppp/pppd*
The command line
/usr/lib/ppp/pppd passive crtscts modem proxyarp :128.32.111.22 asyncmap 0
allows the user to open a PPP connection as the address specified. The
solution seems to be to disable PPP support in the kernel, remove the
setuid flag from the pppd executable, or modify/create default pppd
configuration files which will prevent this type of thing.
Any Linux machine that can be logged into by multiple users is
potentially vulnerable to this installation problem.
Take care,
-- Nick Kralevich
nickkral@cory.eecs.berkeley.edu
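
Added example, not part of the original post: a shell check that reads `ls -l` lines like the one quoted above and flags a pppd that is setuid root and executable by any local user, which is the installation the post describes. The function names, the class labels, and the second and third sample lines (including the group name pppusers) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit pppd permissions from `ls -l` output.

# classify_mode MODE OWNER
#   exposed          setuid root and executable by "other" (any local user)
#   restricted       setuid root, but not executable by "other"
#   not-setuid-root  no setuid bit, or the owner is not root
classify_mode() {
    mode=$1
    owner=$2
    # Character 4 of the mode string is the owner-execute slot: s or S = setuid.
    suid=$(printf '%s' "$mode" | cut -c4)
    # Character 10 is the other-execute slot: x or t = anyone may execute.
    other=$(printf '%s' "$mode" | cut -c10)
    case $owner in root|0) ;; *) echo not-setuid-root; return 0 ;; esac
    case $suid in s|S) ;; *) echo not-setuid-root; return 0 ;; esac
    case $other in
        x|t) echo exposed ;;
        *)   echo restricted ;;
    esac
}

# audit_ls_lines: read `ls -l` lines on stdin, print "<class> <path>" per line.
audit_ls_lines() {
    while read -r mode _links owner _rest; do
        [ -n "$mode" ] || continue
        path=${_rest##* }   # last whitespace-separated field is the path
        path=${path%\*}     # drop the '*' that `ls -F` appends to executables
        echo "$(classify_mode "$mode" "$owner") $path"
    done
}

# Sample input: the first line is the listing quoted in the post,
# the other two are constructed variants for comparison.
audit_ls_lines <<'EOF'
-rws--x--x 1 root bin 66564 Feb 16 1995 /usr/lib/ppp/pppd*
-rwsr-x--- 1 root pppusers 66564 Feb 16 1995 /usr/lib/ppp/pppd*
-rwxr-xr-x 1 root bin 66564 Feb 16 1995 /usr/lib/ppp/pppd*
EOF
```

On a live system, pipe `ls -l /usr/lib/ppp/pppd` into audit_ls_lines; an "exposed" result is the case where removing the setuid flag, as the post suggests, applies.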