Security problem is rp-pppoe

#1 (permalink)
09-28-2003
Michael Badt

Hi,
My Mandrake 9.1 PC has an ADSL Internet connection using PPPoE.
I use rp-pppoe and it works fine for me but I can't see why I have to
run its commands as root.
Specifically, why do I have to enter the root password
WHILE CONNECTED to the Internet in order to shut down my
connection ("adsl-stop"). I consider it as a serious
security problem and wish I could avoid it.

Please advise.
Thanks in advance.

#2 (permalink)
09-28-2003
Eric Gibson

"Michael Badt" <mibadt@actcom.net.il> wrote in message
news:pan.2003.09.28.03.39.22.577522@actcom.net.il. ..
> Hi,
> My Mandrake 9.1 PC has an ADSL Internet connection using PPPoE.
> I use rp-pppoe and it works fine for me but I can't see why I have to
> run its commands as root.
> Specifically, why do I have to enter the root password
> WHILE CONNECTED to the Internet in order to shut down my
> connection ("adsl-stop"). I consider it as a serious
> security problem and wish I could avoid it.


I've never looked at this code, but I think this is probably because it would be
difficult to implement code for this to work as a non-root user, as I'm sure it has
many kernel hooks.

You could set up sudo for this command, if you just really don't want to run as
root. Which is good practice, but most people don't even consider it. You may be
able to setuid the commands as well.

Eric

>
> Please advise.
> Thanks in advance.



#3 (permalink)
09-28-2003
James Knott

Michael Badt wrote:

> Hi,
> My Mandrake 9.1 PC has an ADSL Internet connection using PPPoE.
> I use rp-pppoe and it works fine for me but I can't see why I have to
> run its commands as root.
> Specifically, why do I have to enter the root password
> WHILE CONNECTED to the Internet in order to shut down my
> connection ("adsl-stop"). I consider it as a serious
> security problem and wish I could avoid it.


While I don't know about ADSL, you can certainly configure the ethernet
interface, so that it can be shut down by a user. The same applies to any
other interface I've used, including wireless and a VPN. Look in
/etc/sysconfig/network-scripts for the device ifcfg file. If there's a
line "USERCTL=yes", then a user can control the interface.


--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.

#4 (permalink)
09-28-2003
Clifford Kite

Michael Badt <mibadt@actcom.net.il> wrote:

> My Mandrake 9.1 PC has an ADSL Internet connection using PPPoE.
> I use rp-pppoe and it works fine for me but I can't see why I have to
> run its commands as root.


If pppd is suid root then you shouldn't need to be root, provided
the execute permissions for it and the commands (scripts?) allow
regular users to run them. Some people think that setting pppd
suid root is not a good idea, but I see nothing wrong with it in
a trusted environment.

> Specifically, why do I have to enter the root password
> WHILE CONNECTED to the Internet in order to shut down my
> connection ("adsl-stop"). I consider it as a serious
> security problem and wish I could avoid it.


Perhaps the creator of adsl-stop didn't want just anyone to be able
to break the connection, which could be serving more than one user.
If it's a script then you may be able to edit and change it so that
you aren't required to enter the root password.

--
Clifford Kite Email: "echo xvgr_yvahk-ccc@ri1.arg|rot13"
PPP-Q&A links, downloads: http://ckite.no-ip.net/
/* Those who can't write, write manuals. */
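
The two checks suggested in the replies above (a `USERCTL=yes` line in an ifcfg file, and whether pppd is suid root), as an added shell example that is not part of any poster's message. It assumes Red Hat/Mandrake-style ifcfg files and treats `yes` or `true`, quoted or not, as enabled; the sample files are constructed.

```shell
#!/bin/sh
# Added example: list interfaces a non-root user may control, and setuid files.
# Assumptions: Red Hat/Mandrake-style ifcfg-* files; "yes" or "true" (any case,
# quoted or not) enables USERCTL; the last assignment in a file wins.

# Print the interface name of each ifcfg-* file in DIR with USERCTL enabled.
userctl_ifaces() {
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        # Skip editor and rpm backup copies of config files.
        case $f in *~|*.bak|*.orig|*.rpmsave|*.rpmnew) continue ;; esac
        # Commented-out lines do not match; strip quotes and trailing comments.
        val=$(sed -n 's/^[[:space:]]*USERCTL=//p' "$f" | tail -n 1 |
              tr -d "\"'" | tr '[:upper:]' '[:lower:]' |
              sed 's/[[:space:]]*#.*//; s/[[:space:]]*$//')
        case $val in
            yes|true) echo "${f##*/ifcfg-}" ;;
        esac
    done
    return 0
}

# Print "PATH uid=N" for each given file that has the setuid bit set.
setuid_files() {
    for f in "$@"; do
        [ -u "$f" ] || continue
        echo "$f uid=$(ls -ldn "$f" | awk '{print $3}')"
    done
    return 0
}

# Demo on constructed sample files (not taken from the thread).
demo=$(mktemp -d)
printf 'DEVICE=eth0\nUSERCTL=no\n' > "$demo/ifcfg-eth0"
printf 'DEVICE=ppp0\nUSERCTL="Yes"  # dial-up\n' > "$demo/ifcfg-ppp0"
printf 'DEVICE=eth1\n#USERCTL=yes\n' > "$demo/ifcfg-eth1"
echo "user-controllable: $(userctl_ifaces "$demo" | tr '\n' ' ')"
rm -rf "$demo"
# On a real system (the pppd path is an assumption):
#   userctl_ifaces /etc/sysconfig/network-scripts
#   setuid_files /usr/sbin/pppd
```

A `uid=0` result from `setuid_files` means the file runs with root privileges for whoever is allowed to execute it, so its group and "other" execute bits decide who gets that access.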

#5 (permalink)
09-28-2003
joseph philip

On Sun, 28 Sep 2003 06:39:22 +0300, Michael Badt wrote:

> Hi,
> My Mandrake 9.1 PC has an ADSL Internet connection using PPPoE.
> I use rp-pppoe and it works fine for me but I can't see why I have to
> run its commands as root.
> Specifically, why do I have to enter the root password
> WHILE CONNECTED to the Internet in order to shut down my
> connection ("adsl-stop"). I consider it as a serious
> security problem and wish I could avoid it.
>
> Please advise.
> Thanks in advance.


Because only root can bring up or shut down:
1. the pseudo-tty and its associated program that sends out ethernet
frames.
2. the pppd daemon that must attach to that pseudo-tty.



Why do you consider it a security risk? Have you not secured your system
as yet?

#6 (permalink)
09-28-2003
Michael Badt

Thank you all!

I'll definitely try to make good use of your advice.

Michael Badt


On Sun, 28 Sep 2003 10:31:36 -0400, joseph philip wrote:

> On Sun, 28 Sep 2003 06:39:22 +0300, Michael Badt wrote:
>
>> Hi,
>> My Mandrake 9.1 PC has an ADSL Internet connection using PPPoE. I use
>> rp-pppoe and it works fine for me but I can't see why I have to run its
>> commands as root.
>> Specifically, why do I have to enter the root password WHILE CONNECTED
>> to the Internet in order to shut down my connection ("adsl-stop"). I
>> consider it as a serious security problem and wish I could avoid it.
>>
>> Please advise.
>> Thanks in advance.

>
> Because only root can bring up or shut down: 1. the pseudo-tty and its
> associated program that sends out ethernet frames.
> 2. the pppd daemon that must attach to that pseudo-tty.
>
>
>
> Why do you consider it a security risk? Have you not secured your system
> as yet?

