Subject: Re: How do I start ppp without being root
To: David Leonard <david.leonard@csee.uq.edu.au>
From: Mason Loring Bliss <mason@acheron.middleboro.ma.us>
List: port-mac68k
Date: 04/08/1998 10:28:20
On Wed, Apr 08, 1998 at 09:32:34AM +1000, David Leonard wrote:

> I think you'll find using sudo is far nicer than su -.
> 
> On Sat, 28 Mar 1998, Roger Fischer wrote:
> 
> > I don't like having to SU every time I start PPP.

Hi! One problem with sudo is that it's not necessarily secure when you
run a script from it. The documentation suggests that running a script from
sudo is as insecure as making the script itself SUID root.

To do this stuff on my system, I whipped up a quick wrapper program that
executes the appropriate script.

The binary looks like:

---S--x---  1 root  netter    8874 Feb 24 12:13 ppp-up

This is mode 4010. It means that the only people who can execute the program
are folks in the netter group, from /etc/group.

Here's the source:


#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

int main(void)
{
    int theError = 0;

    /* Become root for real: with effective uid 0 this also sets the real uid */
    theError = setuid(0);
    if (theError) {
        printf("Error %d encountered in setuid(): ", errno);
        puts(strerror(errno));
        exit(1);
    }

    /* Replace this process with the script; execl() returns only on failure */
    theError = execl("/etc/ppp/ppp-up", "ppp-up", (char *) NULL);
    if (theError) {
        printf("Error %d encountered in execl(): ", errno);
        puts(strerror(errno));
    }
    return 1;
}


You can do something similar for ppp-down. I popped the binaries for all
my connection control scripts into /usr/local/bin, and they work like a
charm.

PS: If I'm being silly and this method isn't safe, I'd love to hear it from
someone. :)

-- 
Mason Loring Bliss...mason@acheron.middleboro.ma.us...www.webtrek.com/mason
"In the drowsy dark cave of the mind dreams build their nest with fragments
 dropped from day's caravan."--Rabindranath Tagore...awake ? sleep : dream;