Debian bug report logs - #1709 /usr/sbin/pppd needs to be setuid (chmod u+s) Package: ppp ; Reported by: swift@bu.edu; Done: Ian Murdock . ----------------------------------------------------------------------- Message received at debian-bugs-done: From debian.org!imurdock Thu Oct 19 18:31:49 1995 Return-Path: Received: from pixar.com by mongo.pixar.com with smtp (Smail3.1.28.1 #15) id m0t66JJ-0006GWC; Thu, 19 Oct 95 18:31 PDT Received: from imagine.imaginit.com by pixar.com with SMTP id AA10590 (5.67b/IDA-1.5 for debian-bugs-done-pipe@mongo.pixar.com); Thu, 19 Oct 1995 18:31:17 -0700 Received: by imagine.imaginit.com id (Debian /\oo/\ Smail3.1.29.1 #29.33); Thu, 19 Oct 95 20:34 EST Message-Id: Date: Thu, 19 Oct 95 20:34 EST From: Ian Murdock To: swift@bu.edu, debian-bugs@Pixar.com Cc: debian-bugs-done@Pixar.com In-Reply-To: <199510200114.VAA01289@aleph.bu.edu> (message from Matthew Swift on Thu, 19 Oct 1995 21:14:31 -0400) Subject: Re: Bug#1709: /usr/sbin/pppd needs to be setuid (chmod u+s) Date: Thu, 19 Oct 1995 21:14:31 -0400 From: Matthew Swift The pppd executable needs to have the setuid bit set when it is installed. No, this was done intentionally. Making pppd setuid root is a huge security hole. The solution is to run pppd as root. There really isn't any reason for normal users to be executing it. ----------------------------------------------------------------------- Notification sent to swift@bu.edu : Bug acknowledged by developer. Full text available. ----------------------------------------------------------------------- Reply sent to Ian Murdock : You have taken responsibility. Full text available. ----------------------------------------------------------------------- Message received at debian-bugs: From debian.org!imurdock Thu Oct 19 18:31:49 1995 Return-Path: Received: from pixar.com by mongo.pixar.com with smtp (Smail3.1.28.1 #15) id m0t66JJ-0006GWC; Thu, 19 Oct 95 18:31 PDT Received: from imagine.imaginit.com by pixar.com with SMTP id AA10590 (5.67b/IDA-1.5 for debian-bugs-done-pipe@mongo.pixar.com); Thu, 19 Oct 1995 18:31:17 -0700 Received: by imagine.imaginit.com id (Debian /\oo/\ Smail3.1.29.1 #29.33); Thu, 19 Oct 95 20:34 EST Message-Id: Date: Thu, 19 Oct 95 20:34 EST From: Ian Murdock To: swift@bu.edu, debian-bugs@Pixar.com Cc: debian-bugs-done@Pixar.com In-Reply-To: <199510200114.VAA01289@aleph.bu.edu> (message from Matthew Swift on Thu, 19 Oct 1995 21:14:31 -0400) Subject: Re: Bug#1709: /usr/sbin/pppd needs to be setuid (chmod u+s) Date: Thu, 19 Oct 1995 21:14:31 -0400 From: Matthew Swift The pppd executable needs to have the setuid bit set when it is installed. No, this was done intentionally. Making pppd setuid root is a huge security hole. The solution is to run pppd as root. There really isn't any reason for normal users to be executing it. ----------------------------------------------------------------------- Acknowledgement sent to Ian Murdock : Extra info received and forwarded. Full text available. ----------------------------------------------------------------------- Information forwarded to debian-devel@pixar.com : Bug#1709 ; Package ppp . Full text available. ----------------------------------------------------------------------- Message received at debian-bugs: From bu.edu!swift Thu Oct 19 18:14:42 1995 Return-Path: Received: from pixar.com by mongo.pixar.com with smtp (Smail3.1.28.1 #15) id m0t662k-000Bg6C; Thu, 19 Oct 95 18:14 PDT Received: from aleph.bu.edu (PPP-84-7.BU.EDU) by pixar.com with SMTP id AA09747 (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Thu, 19 Oct 1995 18:14:15 -0700 Received: (from swift@localhost) by aleph.bu.edu (8.6.12/8.6.9) id VAA01289; Thu, 19 Oct 1995 21:14:31 -0400 Date: Thu, 19 Oct 1995 21:14:31 -0400 Message-Id: <199510200114.VAA01289@aleph.bu.edu> From: Matthew Swift To: debian-bugs@pixar.com Cc: swift@bu.edu, debian-users@pixar.com Subject: /usr/sbin/pppd needs to be setuid (chmod u+s) Reply-To: swift@bu.edu Package: ppp Version: 2.2-1 The pppd executable needs to have the setuid bit set when it is installed. Otherwise you get the kind of errors listed below at the end. These lines in the ppp.deb source pppd/Makefile are correct, but somehow they aren't percolating into the right actions in the Debian package: ---------- install: pppd mkdir -p $(BINDIR) install -c -m 4555 -o root pppd $(BINDIR)/pppd --------- ----------------- bash# dpkg -i ppp-2.2-1.deb (Reading database ... 19738 files and directories currently installed.) Preparing to replace ppp (using ppp-2.2-1.deb) ... Unpacking replacement ppp ... Setting up ppp ... bash# ls -la /usr/sbin/pppd -rwxr-xr-x 1 root root 90823 Oct 3 21:48 /usr/sbin/pppd ------------- The errors are e.g.: ----------- Oct 19 20:10:15 aleph kernel: registered device ppp0 Oct 19 20:10:15 aleph pppd[288]: pppd 2.2.0 started by swift, uid 501 [everything going fine here; we reach my provider, log in, etc.] Oct 19 20:10:36 aleph pppd[288]: Serial connection established. Oct 19 20:10:37 aleph pppd[288]: ioctl(PPPIOCGUNIT): Operation not permitted Oct 19 20:10:37 aleph pppd[288]: ioctl(PPPIOCGDEBUG): Operation not permitted Oct 19 20:10:37 aleph pppd[288]: Exit. ------------ ----------------------------------------------------------------------- Acknowledgement sent to swift@bu.edu : New bug report received and forwarded. Full text available. ----------------------------------------------------------------------- Report forwarded to debian-devel@pixar.com : Bug#1709 ; Package ppp . Full text available. ----------------------------------------------------------------------- Ian Jackson / iwj10@thor.cam.ac.uk , with the debian-bugs tracking mechanism This page last modified 07:43:01 GMT Wed 01 Nov