Debian bug report logs - #1709
/usr/sbin/pppd needs to be setuid (chmod u+s)

Package: ppp; Reported by: swift@bu.edu; Done: Ian Murdock <imurdock@debian.org>.

Message received at debian-bugs-done:


From debian.org!imurdock Thu Oct 19 18:31:49 1995
Return-Path: <imurdock@debian.org>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t66JJ-0006GWC; Thu, 19 Oct 95 18:31 PDT
Received: from imagine.imaginit.com by pixar.com with SMTP id AA10590
  (5.67b/IDA-1.5 for debian-bugs-done-pipe@mongo.pixar.com); Thu, 19 Oct 1995 18:31:17 -0700
Received: by imagine.imaginit.com
	id <m0t66M2-0001dOC@imagine.imaginit.com>
	(Debian /\oo/\ Smail3.1.29.1 #29.33); Thu, 19 Oct 95 20:34 EST
Message-Id: <m0t66M2-0001dOC@imagine.imaginit.com>
Date: Thu, 19 Oct 95 20:34 EST
From: Ian Murdock <imurdock@debian.org>
To: swift@bu.edu, debian-bugs@Pixar.com
Cc: debian-bugs-done@Pixar.com
In-Reply-To: <199510200114.VAA01289@aleph.bu.edu> (message from Matthew Swift
	on Thu, 19 Oct 1995 21:14:31 -0400)
Subject: Re: Bug#1709: /usr/sbin/pppd needs to be setuid (chmod u+s)

   Date: Thu, 19 Oct 1995 21:14:31 -0400
   From: Matthew Swift <swift@bu.edu>

   The pppd executable needs to have the setuid bit set when it is
   installed.

No, this was done intentionally.  Making pppd setuid root is a huge
security hole.

The solution is to run pppd as root.  There really isn't any reason
for normal users to be executing it.
Notification sent to swift@bu.edu:
Bug acknowledged by developer. Full text available.
Reply sent to Ian Murdock <imurdock@debian.org>:
You have taken responsibility. Full text available.

Message received at debian-bugs:


From debian.org!imurdock Thu Oct 19 18:31:49 1995
Return-Path: <imurdock@debian.org>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t66JJ-0006GWC; Thu, 19 Oct 95 18:31 PDT
Received: from imagine.imaginit.com by pixar.com with SMTP id AA10590
  (5.67b/IDA-1.5 for debian-bugs-done-pipe@mongo.pixar.com); Thu, 19 Oct 1995 18:31:17 -0700
Received: by imagine.imaginit.com
	id <m0t66M2-0001dOC@imagine.imaginit.com>
	(Debian /\oo/\ Smail3.1.29.1 #29.33); Thu, 19 Oct 95 20:34 EST
Message-Id: <m0t66M2-0001dOC@imagine.imaginit.com>
Date: Thu, 19 Oct 95 20:34 EST
From: Ian Murdock <imurdock@debian.org>
To: swift@bu.edu, debian-bugs@Pixar.com
Cc: debian-bugs-done@Pixar.com
In-Reply-To: <199510200114.VAA01289@aleph.bu.edu> (message from Matthew Swift
	on Thu, 19 Oct 1995 21:14:31 -0400)
Subject: Re: Bug#1709: /usr/sbin/pppd needs to be setuid (chmod u+s)

   Date: Thu, 19 Oct 1995 21:14:31 -0400
   From: Matthew Swift <swift@bu.edu>

   The pppd executable needs to have the setuid bit set when it is
   installed.

No, this was done intentionally.  Making pppd setuid root is a huge
security hole.

The solution is to run pppd as root.  There really isn't any reason
for normal users to be executing it.
Acknowledgement sent to Ian Murdock <imurdock@debian.org>:
Extra info received and forwarded. Full text available.
Information forwarded to debian-devel@pixar.com:
Bug#1709; Package ppp. Full text available.

Message received at debian-bugs:


From bu.edu!swift Thu Oct 19 18:14:42 1995
Return-Path: <swift@bu.edu>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t662k-000Bg6C; Thu, 19 Oct 95 18:14 PDT
Received: from aleph.bu.edu (PPP-84-7.BU.EDU) by pixar.com with SMTP id AA09747
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Thu, 19 Oct 1995 18:14:15 -0700
Received: (from swift@localhost) by aleph.bu.edu (8.6.12/8.6.9) id VAA01289; Thu, 19 Oct 1995 21:14:31 -0400
Date: Thu, 19 Oct 1995 21:14:31 -0400
Message-Id: <199510200114.VAA01289@aleph.bu.edu>
From: Matthew Swift <swift@bu.edu>
To: debian-bugs@pixar.com
Cc: swift@bu.edu, debian-users@pixar.com
Subject: /usr/sbin/pppd needs to be setuid (chmod u+s)
Reply-To: swift@bu.edu


Package: ppp
Version: 2.2-1

The pppd executable needs to have the setuid bit set when it is installed.

Otherwise you get the kind of errors listed below at the end.

These lines in the ppp.deb source pppd/Makefile are correct, but somehow they
aren't percolating into the right actions in the Debian package:

----------
install: pppd
	mkdir -p $(BINDIR)
	install -c -m 4555 -o root pppd $(BINDIR)/pppd
---------

-----------------
bash# dpkg -i ppp-2.2-1.deb 
(Reading database ... 19738 files and directories currently installed.)
Preparing to replace ppp (using ppp-2.2-1.deb) ...
Unpacking replacement ppp ...
Setting up ppp ...

bash# ls -la /usr/sbin/pppd
-rwxr-xr-x   1 root     root        90823 Oct  3 21:48 /usr/sbin/pppd
-------------

The errors are e.g.:
----------- 
Oct 19 20:10:15 aleph kernel: registered device ppp0
Oct 19 20:10:15 aleph pppd[288]: pppd 2.2.0 started by swift, uid 501

[everything going fine here; we reach my provider, log in, etc.]

Oct 19 20:10:36 aleph pppd[288]: Serial connection established.
Oct 19 20:10:37 aleph pppd[288]: ioctl(PPPIOCGUNIT): Operation not permitted
Oct 19 20:10:37 aleph pppd[288]: ioctl(PPPIOCGDEBUG): Operation not permitted
Oct 19 20:10:37 aleph pppd[288]: Exit.
------------
Acknowledgement sent to swift@bu.edu:
New bug report received and forwarded. Full text available.
Report forwarded to debian-devel@pixar.com:
Bug#1709; Package ppp. Full text available.
Ian Jackson / iwj10@thor.cam.ac.uk, with the debian-bugs tracking mechanism
This page last modified 07:43:01 GMT Wed 01 Nov