On Fri, Oct 25, 2002 at 07:05:57PM -0700, Terry Lambert wrote:
> Brooks Davis wrote:
> > This isn't going to have an effect on the ability to use kernel ppp for
> > other things. The tty orientation of pppd and the outdated, unmodular
> > design on ppp(4) have taken care of that. This patch gives people
> > the functionality they want (pppd just working) without any major
> > entanglements (the whole function is <20 lines). If someone
> > wants to make pppd work on arbitrary devices we can deal with that when
> > it happens and I frankly doubt it's ever going to since we've got
> > netgraph to do that with.
>
> Depending on the value of "sysctl kern.module_path", if the "if_ppp"
> module does not exist, and one of the path components is writeable,
> then this would permit you to abuse the pppd to load arbitrary modules
> into the kernel.
>
> So I understand Bakul's complaint.
>
> But by the same token, "mount" and "ifconfig" have the same problems;
> on the other hand, unlike pppd, they are not suid root.

Note the getuid() check to prevent exactly this problem. If you want to
keep root from loading modules, that's a kernel problem.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4