[416] in linux-security and linux-alert archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: PPP security hole?

daemon@ATHENA.MIT.EDU (Olaf Kirch)
Thu Oct 12 15:35:09 1995

From: okir@monad.swb.de (Olaf Kirch)
To: linux-security@tarsier.cv.nrao.edu
Date: Thu, 12 Oct 1995 19:51:58 +0100 (MET)


Nick Kralevich wrote:
> The solution seems to be to disable PPP support in the kernel, remove the 
> setuid flag from the pppd executable, or modify/create default pppd 
> configuration files which will prevent this type of thing.

An even better solution may be to write a small setuid wrapper program for
each host that you wish users to be able to dial up that executes pppd
with the appropriate set of options.

Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
             For my PGP public key, finger okir@brewhq.swb.de.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[416] in linux-security and linux-alert archive

Re: PPP security hole?

daemon@ATHENA.MIT.EDU (Olaf Kirch)Thu Oct 12 15:35:09 1995

daemon@ATHENA.MIT.EDU (Olaf Kirch)
Thu Oct 12 15:35:09 1995