Subject: pkg/26703: userppp does not set permissions on unix domain socket
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <gathorpe79@yahoo.com>
List: pkgsrc-bugs
Date: 08/18/2004 01:51:43
>Number:         26703
>Category:       pkg
>Synopsis:       userppp does not set permissions on unix domain socket
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 18 04:19:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Gary Thorpe
>Release:        1.6
>Organization:
>Environment:
NetBSD elf.elven.org 1.6 NetBSD 1.6 (ELF) #1: Mon Sep 22 16:49:36 EST 2003     gthorpe@ranger.elven.org:/devel/build/kernels/ELF i386
>Description:
The ppp binary in the userppp package (userppp-001107) does not
follow configuration options to set the permissions of the UNIX
domain control socket. The control socket is used by pppctl for
administration purposes.
Contents of /usr/pkg/etc/ppp/ppp.conf:
default:
        set log tun connect phase
        set device /dev/dty01 /dev/dty02
        set speed 115200
        set timeout 300
        set stopped 10
        set choked 60
        set socket /var/run/userppp%d "passwd" 077
        resolv readonly
        set dial "ABORT BUSY ABORT ERROR ABORT NO\\sCARRIER ABORT NO\\sANSWER\
        \"\" AT TIMEOUT 5 OK-ATZ-OK AT&F OK AT+MS=v34b,1,0,33600 OK ATDT\\T\
        TIMEOUT 60 CONNECT"

isp:
        set phone 0123456789
        set redial 5 3
        enable dns
        set authname username
        set authkey passwd
        add default HISADDR

In /var/run:
srwxrwxrwx  1 root  wheel      0 Aug 17 23:54 userppp0

Should be:
srwx------  1 root  wheel      0 Aug 17 23:54 userppp0

I would like to prevent non-root and/or non-wheel from even
connecting to the socket, but ppp does not honor its configuration
option.
>How-To-Repeat:
Include a 'set server|socket' option in userppp's configuration file
to use a UNIX domain socket and dial the isp.
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
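
An added example, not userppp's code and not part of the original report: one way a daemon can create a control socket whose mode matches a configured mask and then verify the result. It assumes the third argument of `set socket` is a umask-style mask (077 giving srwx------, as the report expects); `bind_masked_socket` and the /tmp path are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper (not userppp code): bind a listening UNIX domain
 * socket at `path` with mode 0777 & ~mask. Returns the listening fd or -1;
 * *mode_out receives the permission bits that stat() reports afterwards. */
int bind_masked_socket(const char *path, mode_t mask, mode_t *mode_out)
{
    struct sockaddr_un sa;
    struct stat st;
    mode_t old, want = 0777 & ~mask;
    int fd, rc;

    if (strlen(path) >= sizeof(sa.sun_path))
        return -1;                      /* path would not fit in sun_path */
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    old = umask(mask);                  /* restrict the mode at creation time */
    rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    umask(old);                         /* restore the caller's umask */
    /* Set the mode explicitly as well, in case bind() did not apply the
     * umask, then read it back instead of assuming it took effect. */
    if (rc < 0 || chmod(path, want) < 0 || stat(path, &st) < 0 ||
        (st.st_mode & 0777) != want || listen(fd, 5) < 0) {
        close(fd);
        if (rc == 0)
            unlink(path);               /* do not leave a mis-moded socket */
        return -1;
    }
    *mode_out = st.st_mode & 0777;
    return fd;
}

int main(void)
{
    mode_t mode;
    char path[64];                      /* constructed demo path */
    snprintf(path, sizeof(path), "/tmp/maskdemo.%ld", (long)getpid());
    int fd = bind_masked_socket(path, 077, &mode);
    if (fd < 0) { perror("bind_masked_socket"); return 1; }
    printf("%s mode %04o\n", path, (unsigned)mode);
    close(fd); unlink(path);
    return 0;
}
```

POSIX does not specify what the permission bits on a socket file mean for connect(), so placing the socket in a directory that only root or wheel can search gives the same restriction without depending on the socket's own mode.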