[905] in linux-security and linux-alert archive
Re: [linux-security] dip
daemon@ATHENA.MIT.EDU (Uri Blumenthal)
Sat Jul 13 21:37:52 1996
From: Uri Blumenthal <uri@watson.ibm.com>
To: cjwoods@paladin.com (Chris Woods)
Date: Fri, 12 Jul 1996 18:01:13 -0400 (EDT)
Cc: johnb@aztec.co.za, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199607111411.KAA03166@wire.paladin.com> from "Chris Woods" at Jul 11, 96 10:11:38 am
Reply-To: uri@watson.ibm.com
Chris Woods says:
> > but, why would you want non-root users to make network connections and
> > make changes to routing tables?
>
> Remember that many, many linux boxes are single-user machines, being
> used as desktop PC's in offices or homes. We don't want to encourage
> end-users to keep a root shell open, or to do something as root that
> they really don't need to do.
A perfectly valid reason. Also, some multiuser machines do allow
*some* users to dial out, and possibly dial-out to establish IP
link to the outside.
In both cases, DIP has to be set-uid root. Of course, it makes sense
to have it also either set-gid whatever *group* is allowed to execute
it, with no permissions whatsoever for the others, like:
-rwsr-s--- 1 root dip 89101 Jun 11 00:01 /usr/sbin/dip
Or make some kind of wrapper, which controls group-wide access, but
still does not eliminate the need for DIP itself to be set-uid root.
> > Do you _really_ want any 'ol luser on your system to dial out
> > and do funny things with your modem?
>
> I believe dip provides a means by which you can specify which users
> are allowed to use the service. I don't recall, honestly... it's been
> a long, long time since I've used dip.
Partially. DIP allows to verify whether a dial-in user is permitted to
establish an IP connection, but that's about it (oh, plus some auth
stuff done)... More work is needed to incirporate better auth
methods...
--
Regards,
Uri uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>