pppd in 'setuid-root' mode

pppd in 'setuid-root' mode

Post by npap.. » Sun, 15 Aug 1999 04:00:00



    I have been trying to get a small dock app ("wmppp") to work.  I am
very close but have run into 1 problem that I believe is my final road
block.
    I get the following message whenever I try to connect using the
script I have set up:
        /usr/sbin/pppd: must be root to run /usr/sbin/pppd, since it is
not setuid-root

    Is "setuid-root" a compile time option, or can I set this someplace
else?

    (if possible, please resond via e-mail).

    Thanks for any help!

    Nick

 
 
 

pppd in 'setuid-root' mode

Post by Michael Eds » Sun, 15 Aug 1999 04:00:00


I *think* it's an option you can set somewhere else.  I read
a message a few days ago that I didn't understand (I'm new
to Linux) that said that to let non-root users use kpppd,
you should use the KDE file manager, right click on the
file, click on "properties," and click the "set uid" button.  
Sounds like what you want.

Sorry to be so vague, but I've only just begun to try out
Linux the day before yesterday.  At this point, I'm still
not sure that I see any reason to prefer it to Windows
(other than it's cost, and the fact that I don't own a whole
pile of Microsoft stock).

-Note real email:  mmedson at att dot net



Quote:>     I have been trying to get a small dock app ("wmppp") to work.  I am
> very close but have run into 1 problem that I believe is my final road
> block.
>     I get the following message whenever I try to connect using the
> script I have set up:
>         /usr/sbin/pppd: must be root to run /usr/sbin/pppd, since it is
> not setuid-root

>     Is "setuid-root" a compile time option, or can I set this someplace
> else?

>     (if possible, please resond via e-mail).

>     Thanks for any help!

>     Nick


 
 
 

pppd in 'setuid-root' mode

Post by Vilmos Sot » Mon, 16 Aug 1999 04:00:00



>     I have been trying to get a small dock app ("wmppp") to work.  I am
> very close but have run into 1 problem that I believe is my final road
> block.
>     I get the following message whenever I try to connect using the
> script I have set up:
>         /usr/sbin/pppd: must be root to run /usr/sbin/pppd, since it is
> not setuid-root

>     Is "setuid-root" a compile time option, or can I set this someplace
> else?

No, it is not a compile time option. If you run any non setuid program,
then the binary will run with your UID and with rights associated with
you. So, for example, if as a non-root user you run a program which
needs to set some system resources you cannot do much since the program
will run with your UID. PPP is a program which needs the suid bit since
it has to bring up the ppp interface and to change the routing table.
(Imagine if anybody could mess with the routing table, or if anybody
could open /dev/hda with fdisk.) If the setuid bit is set on a program,
then the program will run with the privileges of the account which was
used to set the suid bit. If it was root, then the program will have
root rights irrevelant who runs it. (sort of.) The PPP-HOWTO discusses
how to set the setuid bit, and it is a good piece ow writing so I
recommend you to read it.

Setuid can be set with the chmod program. For pppd, it is

chmod u+s /usr/sbin/pppd

executed by root.

--
Looking for a job in British Columbia.

 
 
 

pppd in 'setuid-root' mode

Post by W.G. Unr » Mon, 16 Aug 1999 04:00:00



>    I have been trying to get a small dock app ("wmppp") to work.  I am
>very close but have run into 1 problem that I believe is my final road
>block.

A First run everything as root, and make sure that it works.
Then do
chmod a+rx /usr/sbin/pppd /usr/sbin/chat
chmod u+s /usr/sbin/pppd
chmod +rw /dev/ttyS?
Quote:>    I get the following message whenever I try to connect using the
>script I have set up:
>        /usr/sbin/pppd: must be root to run /usr/sbin/pppd, since it is
>not setuid-root
>    Is "setuid-root" a compile time option, or can I set this someplace
>else?
>    (if possible, please resond via e-mail).
>    Thanks for any help!
>    Nick

 
 
 

pppd in 'setuid-root' mode

Post by Richard G Brow » Tue, 17 Aug 1999 04:00:00


Quote:> >    I have been trying to get a small dock app ("wmppp") to work.  I am
> >very close but have run into 1 problem that I believe is my final road
> >block.

> A First run everything as root, and make sure that it works.
> Then do
> chmod a+rx /usr/sbin/pppd /usr/sbin/chat
> chmod u+s /usr/sbin/pppd
> chmod +rw /dev/ttyS?

I have a problem in a similar vein:

I have PPP set up for root - with ppp-on being used to call pppd and chat,
etc and it works fine.

However, I want ppp to be available to a specific group of non-root users,
namely the group pppusers.

Accordingly, I have done the following:

made pppd suid root, and owned by group pppusers
Made the relevant users members of the pppusers group

When I call ppp-on (or even just /usr/sbin/pppd /dev/ttyS1) from one of
these users' accounts, I get a permission error on /dev/ttyS1. i.e. even
though pppd is running as root, the system will not let it access the
modem.

/dev/ttyS1 is owned by root and has tty as its group.

The only thing I can think of is that pppd is calling a shell script
somewhere and so the kernel is revoking its suid status perhaps.

I can understand this if I call pppd from ppp-on, but not when it's called
by itself. Any ideas?

(Of course, I could always change the group ownsership of ttyS1 to
pppusers but then I would be giving them direct access to the port)

(I'm running Mandrake 6.0.)

Thanks,

Richard.

 
 
 

pppd in 'setuid-root' mode

Post by W.G. Unr » Tue, 17 Aug 1999 04:00:00



Quote:>by itself. Any ideas?
>(Of course, I could always change the group ownsership of ttyS1 to
>pppusers but then I would be giving them direct access to the port)

They need direct access to the port since that is where the date is written
to and read from. And since an suid pppd program gets rid of its root
uid as quickly as possible (it is really only needed to set up routes I think)
and since chat never has root permission, the users HAVE to be able to write
to that port.
 
 
 

pppd in 'setuid-root' mode

Post by John Hasle » Tue, 17 Aug 1999 04:00:00


Quote:> made pppd suid root, and owned by group pppusers

Owned by a group?  That makes no sense.  Make pppd suid root, in group
pppusers, and executable by the group, like this:

-rwsr-x---   1 root     pppusers        126256 Aug 11 20:20 /usr/sbin/pppd

I would be surprised if Mandrake did not ship pppd already set up like
this (though the group might have been something like 'dip').
--
John Hasler                This posting is in the public domain.

Dancing Horse Hill         Make money from it if you can; I don't mind.
Elmwood, Wisconsin         Do not send email adverti*ts to this address.

 
 
 

pppd in 'setuid-root' mode

Post by John Hasle » Wed, 18 Aug 1999 04:00:00


Quote:W.G. Unruh writes:
> They need direct access to the port since that is where the date is
> written to and read from. And since an suid pppd program gets rid of its
> root uid as quickly as possible (it is really only needed to set up
> routes I think)...

pppd opens the serial port as root.

Quote:> ...and since chat never has root permission,...

chat never needs root.  It talks only to its standard input and standard
output.

Quote:> ...the users HAVE to be able to write to that port.

They do not.
--
John Hasler                This posting is in the public domain.

Dancing Horse Hill         Make money from it if you can; I don't mind.
Elmwood, Wisconsin         Do not send email adverti*ts to this address.
 
 
 

pppd in 'setuid-root' mode

Post by Richard G Brow » Wed, 18 Aug 1999 04:00:00


Quote:> > made pppd suid root, and owned by group pppusers

> Owned by a group?  That makes no sense.  

Yes it does :-) I mean that root owns the file and the "group owner" is
pppusers. (As you've typed below) Sorry - I should have made it more
clear.

Make pppd suid root, in group

Quote:> pppusers, and executable by the group, like this:

> -rwsr-x---   1 root     pppusers        126256 Aug 11 20:20 /usr/sbin/pppd

That is precisely how I have it set up yet pppd can't access ttyS1 when
executed by a non-root member of the pppusers group.

I would like to have /dev/ttyS1 have permissions
 -rw-------    1 root     tty

but I can only get ppd to work if I make it

 -rw-rw----    1 root     pppusers

which is obviously less than desirable (but at least works)

I suspect the system is revoking pppd's suid root status at some point and
I was wondering if there are any likely causes of this? (When initially
called by a pppuser, I think pppd _is_ running as root as I don't get the
standard error message telling me to run it as root!)

Thanks for your help,

Richard.

> I would be surprised if Mandrake did not ship pppd already set up like
> this (though the group might have been something like 'dip').
> --
> John Hasler                This posting is in the public domain.

> Dancing Horse Hill         Make money from it if you can; I don't mind.
> Elmwood, Wisconsin         Do not send email adverti*ts to this address.

 
 
 

pppd in 'setuid-root' mode

Post by Clifford Ki » Wed, 18 Aug 1999 04:00:00



: W.G. Unruh writes:

: > They need direct access to the port since that is where the date is
: > written to and read from. And since an suid pppd program gets rid of its
: > root uid as quickly as possible (it is really only needed to set up
: > routes I think)...

: pppd opens the serial port as root.

Only for root or if the device file name comes from a privileged source.

: > ...and since chat never has root permission,...

: chat never needs root.  It talks only to its standard input and standard
: output.

Correct.

: > ...the users HAVE to be able to write to that port.

: They do not.

Yes, they do.  Read the pppd man pages.

--

/* Speak softly and carry a +6 two-handed sword. */

 
 
 

pppd in 'setuid-root' mode

Post by Chris Butl » Wed, 18 Aug 1999 04:00:00


[comp.os.linux.misc - Tue, 17 Aug 1999 13:04:01 +0100] * Richard G wrote *

Quote:> I suspect the system is revoking pppd's suid root status at some point and
> I was wondering if there are any likely causes of this? (When initially
> called by a pppuser, I think pppd _is_ running as root as I don't get the
> standard error message telling me to run it as root!)

pppd sets its UID back to the UID of the user who ran it once it has done
whatever it needs root privs to do. Basically because doing a lot of stuff
as root is generally a Bad Thing(tm).

--
Chris Butler

 
 
 

pppd in 'setuid-root' mode

Post by John Hasle » Thu, 19 Aug 1999 04:00:00


Quote:Clifford Kite writes:
> Only for root or if the device file name comes from a privileged source.

As it should.  Users should not be configuring network interfaces.  Pppd
should not be passed any command line option other than 'call <provider>'
by users.  The less said about .ppprc the better.

Quote:> Yes, they do.

Users do not have to be able to to write to the port.  Pppd on Debian works
just fine without it.
--
John Hasler                This posting is in the public domain.

Dancing Horse Hill         Make money from it if you can; I don't mind.
Elmwood, Wisconsin         Do not send email adverti*ts to this address.
 
 
 

pppd in 'setuid-root' mode

Post by Clifford Ki » Fri, 20 Aug 1999 04:00:00



: Clifford Kite writes:

: > Only for root or if the device file name comes from a privileged source.

: As it should.  Users should not be configuring network interfaces.  Pppd
: should not be passed any command line option other than 'call <provider>'
: by users.  The less said about .ppprc the better.

Huh?  The point was that it's not always opened by root which what was
you implied.  As far as passing options as arguments to pppd goes I
don't see a problem since pppd can be configured to disallow the ones
that have the potential to cause harm if misused.  And regarding .ppprc
my feeling is that it is futile to try to suppress information that is
available to anyone willing to read the pppd manual by simply not saying
anything about it.  If you have a specific concern regarding .ppprc it
would be better to voice that concern so others can understand what you
see as posing a problem.

: > Yes, they do.

: Users do not have to be able to to write to the port.  Pppd on Debian works
: just fine without it.

Only if Debian configures pppd for use in a special way.  If the ones
using pppd are members of a group that includes the device file group then
they could open it (with rw group permissions).  Or, perhaps, the pppd
privgroup option is used and they are members of that group.  Users that
are not a member of the group will not be able to explicitly invoke pppd
without "other" read/write permission for the device file.  Of course
if the only use for pppd is a single ISP connection then pppd can be run
with the demand option, in which case all the permissions of the device
file can be turned off - including those for root.

--

/* 97.3% of all statistics are made up. */

 
 
 

pppd in 'setuid-root' mode

Post by John Hasle » Sat, 21 Aug 1999 04:00:00



> Users do not have to be able to to write to the port.  Pppd on Debian
> works just fine without it.
Clifford Kite writes:
> Only if Debian configures pppd for use in a special way.

No, it is pretty much stock.

Quote:> If the ones using pppd are members of a group that includes the device
> file group then they could open it (with rw group permissions).  Or,
> perhaps, the pppd privgroup option is used and they are members of that
> group.  Users that are not a member of the group will not be able to
> explicitly invoke pppd without "other" read/write permission for the
> device file.  Of course if the only use for pppd is a single ISP
> connection then pppd can be run with the demand option, in which case all
> the permissions of the device file can be turned off - including those
> for root.

None of the above.  From the SETUP file in ppp-2.3.8:

  The recommended way to set up to dial an ISP is for the system
  administrator to create a file under /etc/ppp/peers, named for the ISP
  that you will be dialling.  For example, suppose the file is called
  /etc/ppp/peers/isp.  This file would contain something like this:

  cua0            # modem is connected to /dev/cua0
  38400           # run the serial port at 38400 baud
  crtscts         # use hardware flow control
  noauth          # don't require the ISP to authenticate itself
  defaultroute    # use the ISP as our default route
  connect '/usr/sbin/chat -v -f /etc/ppp/chat-isp'

  If there are any other pppd options that should apply when calling
  this ISP, they can also be placed in this file.

  The /etc/ppp/chat-isp file named in the last line contains the script
  for chat(8) to use to dial the ISP and go through any username/
  password authentication required before PPP service starts.

This, of course, is just what Debian does (chatscripts go in
/etc/chatscripts. but that is minor).  With this system you can have as
many isp's as you want, and the users do not access to any ports.

You don't need to edit any files to set this up on a Debian system:
pppconfig takes care of that via a whiptail UI.  It also takes care of DNS.
--
John Hasler                This posting is in the public domain.

Dancing Horse Hill         Make money from it if you can; I don't mind.
Elmwood, Wisconsin         Do not send email adverti*ts to this address.

 
 
 

pppd in 'setuid-root' mode

Post by Clifford Ki » Sun, 22 Aug 1999 04:00:00


: None of the above.  From the SETUP file in ppp-2.3.8:

:   The recommended way to set up to dial an ISP is for the system
:   administrator to create a file under /etc/ppp/peers, named for the ISP
:   that you will be dialling.  For example, suppose the file is called

Duh.  What goes good with crow?  You're right, this dial-up configuration
does not require user read/write permissions for the device file.  My
only (weak) excuse is that this feature is unadvertised in the pppd
documentation.  As you point out it also has the advantage over demand
that more than one dial-out connection can be configured.

Thanks for the new insight!

--

/* Microsoft is a great marketing organization.
 * It _has_ to be */