On 2003-11-29 21:12:57 +0000 Martin Collins sickofthesea@btinternet.com wrote:
You've made me realise that it is an insecure set-up. So I was wondering how other dial-up Linux users connect - what is the preferred method?
I have pppd starting on boot now (DSL) and used to have it starting on demand, so it's really root doing it. I think the normal way is to add all authorised users to "dialout" group and set pppd as setuid root with config options and file permissions for the dialout group (chown root.dialout pppd ; chmod u+srx,g+rx,o-rwx pppd ; #perhaps?).
It seems a bit dangerous to have a frontend like kppp setuid root, as I think then it can call pppd with all options, even restricted-to-root ones. Maybe I'm wrong about that? At best, it means that kppp bugs might allow someone to get root.
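A check for the layout discussed in the message above, as an added example that is not part of the original post: it audits `stat` output for a root-owned pppd restricted to the dialout group and flags any other setuid-root program such as a frontend. The function name `audit_ppp_perms` and the sample paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Input: lines of
# "MODE OWNER GROUP PATH", as printed by: stat -c '%a %U %G %n' FILE...
# Prints one finding per problem; returns 1 if anything was reported.
audit_ppp_perms() {
    rc=0
    while read -r mode owner group path; do
        [ -n "$path" ] || continue
        # A four-digit octal mode whose first digit has the 4 bit set is setuid.
        case "$mode" in
            [4567]???) suid=yes ;;
            *)         suid=no ;;
        esac
        if [ "${path##*/}" = pppd ]; then
            # pppd: root-owned, group dialout, no access for others.
            [ "$owner" = root ] || { echo "$path: owner is $owner, expected root"; rc=1; }
            [ "$group" = dialout ] || { echo "$path: group is $group, expected dialout"; rc=1; }
            case "$mode" in
                *0) ;;
                *)  echo "$path: mode $mode lets users outside dialout reach it"; rc=1 ;;
            esac
            case "$mode" in
                *[2367]?) echo "$path: mode $mode is group-writable"; rc=1 ;;
            esac
        elif [ "$suid" = yes ] && [ "$owner" = root ]; then
            # Anything else that is setuid root (a frontend such as kppp) is flagged.
            echo "$path: setuid root frontend, mode $mode"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input, not taken from a real system.
audit_ppp_perms <<'EOF' || echo "review the findings above"
4750 root dialout /usr/sbin/pppd
4755 root root /usr/bin/kppp
EOF
```

On a live system, feed it real data with `stat -c '%a %U %G %n' FILE... | audit_ppp_perms`, using the paths where pppd and any frontend are installed.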