pppd: Remove promptpass plugin #527
Conversation
This is prompted by a number of factors: * The handling of privileges and possibly file descriptors is flawed * In many cases there will be no terminal accessible to the prompter program at the point where the prompter is run * The passwordfd plugin does much the same thing but does it more cleanly and securely. Signed-off-by: Paul Mackerras <[email protected]>
|
Distro maintainers might want to take note of this, particularly if your distro installs pppd setuid-root. The concern is that if an unprivileged user can run pppd and somehow get the passprompt plugin loaded, the prompter program could perhaps regain root privileges because of the flaws in how the passprompt.c code drops privileges. Fortunately, because the 'plugin' option is privileged, the user can't load the passprompt plugin directly. Hopefully no distros include a file under $sysconfdir/ppp/peers that includes 'plugin passprompt.so'. In any case I suggest that the passprompt.so plugin be removed from being packaged by distros. @Neustradamus perhaps you could tag this for the various distro maintainers that you know of, so they see it. |
This is prompted by a number of factors:
The handling of privileges and possibly file descriptors is flawed
In many cases there will be no terminal accessible to the prompter program at the point where the prompter is run
The passwordfd plugin does much the same thing but does it more cleanly and securely.