Hello, Well, no response from Marco yet. I've incorporated your suggestion, however, and made "noauth" in /etc/ppp/peers/kppp-options commented out by default. I've also documented this change.
While kppp will require root intervention to get "noauth", this is still an improvement, in terms of security, over simply instructing users to set "noauth" in /etc/ppp/options, since "auth" will still be the default; only malicious users could exploit "noauth". I've attached the two updated patches. But I'm still hoping someone can come up with a clever solution that won't require any editing of files at all. Cheers, Christopher Martin
--- kdenetwork-3.2.2/debian/rules 2004-04-28 16:39:18.000000000 -0400 +++ kdenetwork-3.2.2/debian/rules 2004-05-06 16:03:56.000000000 -0400 @@ -160,10 +160,16 @@ cd $(objdir) && \ $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp + # Create special ppp config file for kppp + mkdir -p debian/tmp/etc/ppp/peers + echo "#noauth" > debian/tmp/etc/ppp/peers/kppp-options + # kppp permissions chown root:dip debian/tmp/usr/bin/kppp* - chmod 2754 debian/tmp/usr/bin/kppp + chown root:dip debian/tmp/etc/ppp/peers/kppp-options + chmod 4754 debian/tmp/usr/bin/kppp chmod 0754 debian/tmp/usr/bin/kppplogview + chmod 0640 debian/tmp/etc/ppp/peers/kppp-options #chmod 4755 debian/tmp/usr/sbin/reslisa @@ -205,7 +211,7 @@ dh_link dh_strip dh_compress -X.bz2 -X.css -X.dcl -X.docbook -X-license -X.tag - dh_fixperms -Xusr/bin/kppp -Xusr/bin/kppplogview + dh_fixperms -Xusr/bin/kppp -Xusr/bin/kppplogview -Xetc/ppp/peers/kppp-options dh_perl # dh_python dh_makeshlibs -V
--- ../../orig/kdenetwork-3.2.2/debian/kppp.README.Debian 2004-04-28 16:39:18.000000000 -0400 +++ kppp.README.Debian 2004-05-06 16:12:47.000000000 -0400 @@ -2,20 +2,13 @@ ========================== In order to actually use kppp you must first be a part of the "dip" group. -This is the same for using PPP in general on Debian. If you are not a part -of this group you will not be able to actually run pppd or setup proper -connections. +This is the standard for using ppp in general with Debian. If you are not a +member of this group, you will not be able to run pppd or setup connections. - -kppp and immediate disconnects -============================== - -In order for kppp to properly work you must set "noauth" in /etc/ppp/options. -Keep in mind that you main have /etc/ppp/options.ttyS0 (For example) so make -sure you change it in the proper (all?) file. - -The default is "auth" so if you don't change this most likely you'll connect -and end up just getting a disconnect shortly after. - - -- Ivan E. Moore II <[EMAIL PROTECTED]> +Furthermore, kppp requires that the ppp daemon be run with the "noauth" +option. However, pppd's default setting is "auth", and for security reasons +it should remain so. To work around this problem, uncomment "noauth" in +/etc/ppp/peers/kppp-options. You should then be able to connect. Note that +making this change opens the possibility that other malicious members of the +"dip" group could now potentially abuse the ppp daemon with the "noauth" +option.