David> Also, pppd is public domain, and lives around many other
David> systems such as slowaris, lamex, *bsd. I don't know how
David> pppd got its SUID bit, but it doesn't need it.
Indeed it does - pppd needs to (1) create a network interface and (2)
possibly modify the kernel's routing table. To do both of these,
superuser privileges are required. However it is true that pppd
handles its privileges sloppily - i.e. it should not be running with
uid 0 when it is accessing the ttys, only when it needs to do some
privileged system calls.

I haven't looked at the source for pppd, but since it reads a *lot* of
different parameters from its config file(s), it seems likely that
there might be some buffer overflow problems. Has anyone looked into
this?

Cheers,
Will
--
////////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Will Waites                         || NIC Handle: WW1310
ww@styx.org                         ||
-----------------------------------||-----------------------------------
key ID = 2048/1CA68339              || Public key at pgp.ai.mit.edu
fingerprint = DA BE BD 7E 65 CD A3 3F E2 5D 66 0A 8D 9E 41 FD
------------------------------------------------------------------------
"If that makes any sense to you, you have a big problem" -- C. Durance
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\////////////////////////////////////
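
The privilege handling the reply above asks for (uid 0 only around the privileged system calls, the invoking user's identity while touching ttys) can be sketched as follows. This is an added example, not part of the original message and not taken from the pppd source; `open_as_invoker` is a hypothetical helper name, and the default path in `main` is a constructed sample.

```c
#define _POSIX_C_SOURCE 200112L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open `path` with the invoking user's uid/gid in
 * effect, so the kernel applies that user's file permissions, then switch
 * back to the original effective ids. In a setuid-root binary the saved
 * set-user-ID is what allows the switch back. Supplementary groups are not
 * adjusted here. Returns the fd, or -1 with errno set. */
int open_as_invoker(const char *path, int flags)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, err;

    /* Drop the group first: once euid is unprivileged, setegid may fail. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        err = errno;
        (void)setegid(saved_egid);
        errno = err;
        return -1;
    }

    /* O_NOCTTY: never acquire the device as a controlling terminal. */
    fd = open(path, flags | O_NOCTTY | O_NONBLOCK);
    err = errno;

    /* Regain in the reverse order: uid first, then gid. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        _exit(1); /* unknown privilege state: do not continue */

    errno = err;
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/null"; /* constructed */
    int fd = open_as_invoker(path, O_RDWR);
    if (fd < 0) { perror(path); return 1; }
    printf("opened %s; euid is %ld again\n", path, (long)geteuid());
    close(fd);
    return 0;
}
```

When the binary is not installed setuid, the real and effective ids are already equal and the switches change nothing, so the helper behaves like a plain `open`.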