[2287] in RedHat Linux List
Re: More netcfg and ppp observations - security implication?
daemon@ATHENA.MIT.EDU (Robert Hart)
Fri Nov 1 22:51:02 1996
Date: Sat, 2 Nov 1996 14:47:39 +1100 (EST)
From: Robert Hart <hartr@interweft.com.au>
Reply-To: Robert Hart <iweft@ipax.com.au>
To: redhat-list@redhat.com
In-Reply-To: <Pine.SUN.3.91.961101201137.16350B-100000@bigbang.phy.duke.edu>
Resent-From: redhat-list@redhat.com
On Fri, 1 Nov 1996, Kyle Ferrio wrote:
> Something else that I'm sure has been discussed/solved in this and broader
> forums is the issue of the -entire- chat script showing up in the output
> of `ps -axf`. This "feature" might go undiscovered if you have a window /
> vt too narrow to avoid truncation. But it's there. For reasons that I
> have yet to track down, the ps entry for chat lists the entire script,
> even though invoked with a -f script. In priciple, someone logged into
> your system can grab ppp ISP passwords of your users by running a process
> that continuously filters ps -af, looking for the chat script. Note that
> the \q escape prevents the password from appearing in SYSLOG
> (/var/log/messages under Redhat) but does nothing out what ps -f reports.
This is the reason why the 'standard' PPP scripts have been changed in
PPP-2.2.
Please see the new PPP-HOWTO at
http://sunsite.unc.edu/mdw/linux.html#howto
and/or the new Red Hat PPP-TIP at http://203.29.72.65/
> I understand that ppp isn't the most secure thing in the first place and
> that most ppp instalations are effectively single-user boxes anyway. But
> this is just too glaring to go unmentioned. Is this a FAQ?
PPP (of iteslf) is not a security hole when properly installed configured
(after all, ANY network type connection is potentially a 'security hole').
However, having your ISP username/password on the command line is NOT a
very good idea - and is a potentially HUGE risk to you personally if
someone on the internet can get that info off your box whilst dialled in.
(And of *course* that is possible - difficult in a number of ways, but not
impossible).
Setting pppd suid root is also a potential problem - as is any suid
program...
Robert Hart iweft@ipax.com.au
Voice: +61 (0)3 9735 3586
InterWeft, 35 Summit Road, Lilydale, Victoria 3140, Australia
IT, data and voice networking Consultancy
Strategic IT business planning
Internet planning, implementation, security and configuration
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
________________________________________________________________________
http://www.redhat.com/RedHat-FAQ http://www.redhat.com/RedHat-Errata
http://www.redhat.com/RedHat-Tips http://www.redhat.com/mailing-lists
------------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
