NetBSD Problem Report #26703

Received: (qmail 27133 invoked by uid 605); 18 Aug 2004 04:18:17 -0000
Message-Id: <20040818015143.9080011152@narn.netbsd.org>
Date: Wed, 18 Aug 2004 01:51:43 +0000 (UTC)
From: gathorpe79@yahoo.com
Sender: gnats-bugs-owner@NetBSD.org
Reply-To: gathorpe79@yahoo.com
To: gnats-bugs@gnats.NetBSD.org
Subject: userppp does not set permissions on unix domain socket
X-Send-Pr-Version: www-1.0

>Number:         26703
>Category:       pkg
>Synopsis:       userppp does not set permissions on unix domain socket
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 18 04:19:00 +0000 2004
>Closed-Date:    Mon May 23 03:10:32 +0000 2022
>Last-Modified:  Mon May 23 03:10:32 +0000 2022
>Originator:     Gary Thorpe
>Release:        1.6
>Organization:
>Environment:
NetBSD elf.elven.org 1.6 NetBSD 1.6 (ELF) #1: Mon Sep 22 16:49:36 EST 2003     gthorpe@ranger.elven.org:/devel/build/kernels/ELF i386
>Description:
The ppp binary in the userppp package (userppp-001107) does not
follow configuration options to set the permissions of the UNIX
domain control socket. The control socket is used by pppctl for
administration purposes.
Contents of /usr/pkg/etc/ppp/ppp.conf:
default:
        set log tun connect phase
        set device /dev/dty01 /dev/dty02
        set speed 115200
        set timeout 300
        set stopped 10
        set choked 60
        set socket /var/run/userppp%d "passwd" 077
        resolv readonly
        set dial "ABORT BUSY ABORT ERROR ABORT NO\\sCARRIER ABORT NO\\sANSWER\
        \"\" AT TIMEOUT 5 OK-ATZ-OK AT&F OK AT+MS=v34b,1,0,33600 OK ATDT\\T\
        TIMEOUT 60 CONNECT"

isp:
        set phone 0123456789
        set redial 5 3
        enable dns
        set authname username
        set authkey passwd
        add default HISADDR

In /var/run:
srwxrwxrwx  1 root  wheel      0 Aug 17 23:54 userppp0

Should be:
srwx------  1 root  wheel      0 Aug 17 23:54 userppp0

I would like to prevent non-root and/or non-wheel from even
connecting to the socket, but ppp does not honor its configuration
option.
>How-To-Repeat:
Include a 'set server|socket' option in userppp's configuration file
to use a UNIX domain socket and dial the isp.
>Fix:

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: cube 
State-Changed-When: Sun Aug 22 22:41:14 UTC 2004 
State-Changed-Why:  
What happens is very simple: NetBSD ignores umask value for local sockets. 
"The right thing to do", however, is less clear, but will be managed soon. 


Responsible-Changed-From-To: pkg-manager->cube 
Responsible-Changed-By: cube 
Responsible-Changed-When: Sun Aug 22 22:41:14 UTC 2004 
Responsible-Changed-Why:  
I'll handle it. 
Responsible-Changed-From-To: cube->pkg-manager
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Mon, 01 Nov 2010 00:02:25 +0000
Responsible-Changed-Why:
back to role account.


State-Changed-From-To: analyzed->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Mon, 23 May 2022 03:10:32 +0000
State-Changed-Why:
The problem was caused by not honoring the umask when creating AF_UNIX
sockets. This has apparently been fixed in NetBSD sometime in the past
20 years.


>Unformatted:
