From: jfj <jfj@freemail.gr>
To: linux-ppp@vger.kernel.org
Subject: Re: pppd security
Date: Mon, 18 Sep 2006 19:39:11 +0000
Message-ID: <450EF5DF.3050802@freemail.gr>
In-Reply-To: <450EBBCE.5030204@freemail.gr>


James Carlson wrote:

> No more or less so than it's possible to do the same via an Ethernet
> adapter.

> /dev/ppp provides a datalink layer interface to the system. The
> security on such interfaces (in general) ought to be the same.

So it is possible to dump UDP packets to /dev/ppp (and /dev/eth (and PPP
packets to /dev/tty)). More or less...

If I understand correctly, the only program that is supposed to use
/dev/ppp is pppd, to establish the connection. After that the packets
go there through the internal TCP/IP stack. And no one else should
be messing with /dev/ppp normally.

If so, does it sound like a feasible idea to hack the kernel to forbid
opening the /dev/ppp device to other processes, once pppd is working?

Another idea is to rename /dev/ppp to /dev/secretppp and hack pppd
to use that instead?

Other ideas to lock access to /dev/ppp?

Thanks,

jerald
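
An added example, not part of the original message or of pppd: a read-only audit for the concern raised above, reporting whether the /dev/ppp node is world-accessible and which processes other than pppd hold it open. The function names, the `allowed` list and the root-owner default are assumptions made for illustration, and the command name read from /proc is only a heuristic.

```python
import os
import stat

def node_key(path):
    """Identify a file: (major, minor) for character devices, inode otherwise."""
    st = os.stat(path)
    if stat.S_ISCHR(st.st_mode):
        # A renamed or duplicate node keeps the same device number.
        return ("chr", os.major(st.st_rdev), os.minor(st.st_rdev))
    return ("ino", st.st_dev, st.st_ino)

def mode_findings(dev_path, owner_uid=0):
    """Return a list of permission problems on the device node."""
    st = os.stat(dev_path)
    findings = []
    if st.st_mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("world-accessible")
    if st.st_uid != owner_uid:
        findings.append("unexpected owner uid %d" % st.st_uid)
    return findings

def unexpected_holders(dev_path, proc_root="/proc", allowed=("pppd",)):
    """Return sorted (pid, comm) for processes holding dev_path open
    whose command name is not in `allowed` (assumed list)."""
    want = node_key(dev_path)
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "comm")) as f:
                comm = f.read().strip()  # heuristic: a process can change its own comm
            fds = os.listdir(os.path.join(base, "fd"))
        except OSError:
            continue  # process exited, or we lack permission to inspect it
        for fd in fds:
            try:
                if node_key(os.path.join(base, "fd", fd)) == want:
                    if comm not in allowed:
                        hits.append((int(pid), comm))
                    break
            except OSError:
                continue  # descriptor closed or target not resolvable
    return sorted(hits)

if __name__ == "__main__":
    dev = "/dev/ppp"
    if os.path.exists(dev):
        print("permissions:", mode_findings(dev) or "ok")
        print("non-pppd holders:", unexpected_holders(dev) or "none")
```

Run it as root so that every process's descriptor table is readable; without that, processes owned by other users are skipped silently.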