[22076] in bugtraq
Re: Wvdial insecure conf?
daemon@ATHENA.MIT.EDU (Stefan Riegelnik)
Thu Aug 2 01:36:29 2001
Date: Thu, 2 Aug 2001 02:22:40 +0200 (CEST)
From: Stefan Riegelnik <sriegelnik@netway.at>
To: Qlo <qlo@wmgflat.net>
Cc: <bugtraq@securityfocus.com>
In-Reply-To: <000d01c11aa8$8d4f7ff0$7783d2d4@existenz>
Message-ID: <Pine.LNX.4.30.0108020210380.4341-100000@wnerie.netway.at>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 1 Aug 2001, Qlo wrote:
> I've compiled and installed wvdial (a dialer for dial up connection) and the
> program wvdialconf generate a file called wvdial.conf.
> In this file : AT strings, username, pass and another setting like
> /etc/ppp/options.
> But now the problem, with ls -l
>
> -rw-r--r-- 1 root root 335 Aug 1 18:21 wvdial.conf
I do not think so - I think it depends on the permissions of the wvdial.conf, as
[from the man-page of wvdialconf]
It is safe to run wvdialconf if a configuration file already exists. In that case, only the
Modem, Baud, Init, and Init2 options are changed in the [Dialer Defaults] section, and only if
autodetection is successful.
and
root@wnerie /etc# ls -l wvdial.conf
-rw------- 1 root root 300 Aug 2 02:08 /etc/wvdial.conf
root@wnerie /etc# wvdialconf /etc/wvdial.conf
Scanning your serial ports for a modem.
[...snipp...]
root@wnerie /etc# ls -l wvdial.conf
-rw------- 1 root root 300 Aug 2 02:10 wvdial.conf
If the file does not exist, the permissions of the file created are 600
root@wnerie /# wvdialconf /tmp/testbuq
[...snipp...]
root@wnerie /tmp# ls -al testbuq
-rw------- 1 root root 205 Aug 2 02:07 testbuq
root@wnerie /tmp# cat testbuq
[ Tested on Redhat 6.0, 2.2.19, WvDial 1.41 ]
Regards, Stefan
--
stefan riegelnik mailto:sriegelnik@netway.at
Whatever occurs from love is always beyond good and evil.
-- Friedrich Nietzsche
