Subject: pkg/26703: userppp does not set permissions on unix domain socket
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <gathorpe79@yahoo.com>
List: pkgsrc-bugs
Date: 08/18/2004 01:51:43
>Number: 26703
>Category: pkg
>Synopsis: userppp does not set permissions on unix domain socket
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Aug 18 04:19:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Gary Thorpe
>Release: 1.6
>Organization:
>Environment:
NetBSD elf.elven.org 1.6 NetBSD 1.6 (ELF) #1: Mon Sep 22 16:49:36 EST 2003 gthorpe@ranger.elven.org:/devel/build/kernels/ELF i386
>Description:
The ppp binary in the userppp package (userppp-001107) does not
follow configuration options to set the permissions of the UNIX
domain control socket. The control socket is used by pppctl for
administration purposes.
Contents of /usr/pkg/etc/ppp/ppp.conf:
default:
 set log tun connect phase
 set device /dev/dty01 /dev/dty02
 set speed 115200
 set timeout 300
 set stopped 10
 set choked 60
 set socket /var/run/userppp%d "passwd" 077
 resolv readonly
 set dial "ABORT BUSY ABORT ERROR ABORT NO\\sCARRIER ABORT NO\\sANSWER\
           \"\" AT TIMEOUT 5 OK-ATZ-OK AT&F OK AT+MS=v34b,1,0,33600 OK ATDT\\T\
           TIMEOUT 60 CONNECT"
isp:
 set phone 0123456789
 set redial 5 3
 enable dns
 set authname username
 set authkey passwd
 add default HISADDR
In /var/run:
srwxrwxrwx 1 root wheel 0 Aug 17 23:54 userppp0
Should be:
srwx------ 1 root wheel 0 Aug 17 23:54 userppp0
I would like to prevent non-root and/or non-wheel from even
connecting to the socket, but ppp does not honor its configuration
option.
>How-To-Repeat:
Include a 'set server|socket' option in userppp's configuration file
to use a UNIX domain socket and dial the isp.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: