NetBSD Problem Report #26703
Received: (qmail 27133 invoked by uid 605); 18 Aug 2004 04:18:17 -0000
Message-Id: <20040818015143.9080011152@narn.netbsd.org>
Date: Wed, 18 Aug 2004 01:51:43 +0000 (UTC)
From: gathorpe79@yahoo.com
Sender: gnats-bugs-owner@NetBSD.org
Reply-To: gathorpe79@yahoo.com
To: gnats-bugs@gnats.NetBSD.org
Subject: userppp does not set permissions on unix domain socket
X-Send-Pr-Version: www-1.0
>Number: 26703
>Category: pkg
>Synopsis: userppp does not set permissions on unix domain socket
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Aug 18 04:19:00 +0000 2004
>Closed-Date: Mon May 23 03:10:32 +0000 2022
>Last-Modified: Mon May 23 03:10:32 +0000 2022
>Originator: Gary Thorpe
>Release: 1.6
>Organization:
>Environment:
NetBSD elf.elven.org 1.6 NetBSD 1.6 (ELF) #1: Mon Sep 22 16:49:36 EST 2003 gthorpe@ranger.elven.org:/devel/build/kernels/ELF i386
>Description:
The ppp binary in the userppp package (userppp-001107) does not
follow configuration options to set the permissions of the UNIX
domain control socket. The control socket is used by pppctl for
administration purposes.
Contents of /usr/pkg/etc/ppp/ppp.conf:
default:
 set log tun connect phase
 set device /dev/dty01 /dev/dty02
 set speed 115200
 set timeout 300
 set stopped 10
 set choked 60
 set socket /var/run/userppp%d "passwd" 077
 resolv readonly
 set dial "ABORT BUSY ABORT ERROR ABORT NO\\sCARRIER ABORT NO\\sANSWER\
           \"\" AT TIMEOUT 5 OK-ATZ-OK AT&F OK AT+MS=v34b,1,0,33600 OK ATDT\\T\
           TIMEOUT 60 CONNECT"
isp:
 set phone 0123456789
 set redial 5 3
 enable dns
 set authname username
 set authkey passwd
 add default HISADDR
In /var/run:
srwxrwxrwx 1 root wheel 0 Aug 17 23:54 userppp0
Should be:
srwx------ 1 root wheel 0 Aug 17 23:54 userppp0
I would like to prevent non-root and/or non-wheel from even
connecting to the socket, but ppp does not honor its configuration
option.
>How-To-Repeat:
Include a 'set server|socket' option in userppp's configuration file
to use a UNIX domain socket and dial the isp.
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed
State-Changed-By: cube
State-Changed-When: Sun Aug 22 22:41:14 UTC 2004
State-Changed-Why:
What happens is very simple: NetBSD ignores umask value for local sockets.
"The right thing to do", however, is less clear, but will be managed soon.
Responsible-Changed-From-To: pkg-manager->cube
Responsible-Changed-By: cube
Responsible-Changed-When: Sun Aug 22 22:41:14 UTC 2004
Responsible-Changed-Why:
I'll handle it.
Responsible-Changed-From-To: cube->pkg-manager
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Mon, 01 Nov 2010 00:02:25 +0000
Responsible-Changed-Why:
back to role account.
State-Changed-From-To: analyzed->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Mon, 23 May 2022 03:10:32 +0000
State-Changed-Why:
The problem was caused by not honoring the umask when creating AF_UNIX
sockets. This has apparently been fixed in NetBSD sometime in the past
20 years.
>Unformatted: