Mailinglist Archive: opensuse-security (487 mails)
| < Previous | Next > |
Re: [suse-security] network privileges of user nobody??? how to configure???
- From: David Huecking <d.huecking@xxxxxxx>
- Date: Wed, 16 Oct 2002 11:27:13 +0200 (CEST)
- Message-id: <Pine.LNX.4.33.0210161118080.30084-100000@xxxxxxxxxxxxxxxxxxxx>
This affect is not very strange. It's normal for SuSE-Linux. They do
correct the ownership and chmod-bits according to /etc/permissions*.
e.g. a "grep sbin/pppd /etc/permissions*"
/etc/permissions.easy:/usr/sbin/pppd root.dialout 6754
/etc/permissions.paranoid:/usr/sbin/pppd root.dialout 0750
/etc/permissions.secure:/usr/sbin/pppd root.dialout 6750
So we see that only when using the easy permissions pppd is set SUID for
the group dialout and a dialout could be triggered for name resolution by
a normal user in the group dialout.
All in all this has nothing to to with ping itself...
Everything clear now?! ;-)
--
Eat, sleep and go running,
David Huecking.
Encrypted eMail welcome! GnuPG/ PGP-Fingerprint:
3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216
On Wed, 16 Oct 2002, Michael Seewald wrote:
> > The error-message "ping: unknown host..." sounds more like an error in
> > name-resolving in that very moment. Could you try the ping not with a
> > DNS-name but with an IP (e.g. 193.99.144.71 for www.heise.de) or maybe you
>
> Yes, that does it. Apparently, name resolution failed!!!
>
> Today, I noticed that these effects disappear when I change permissions (in
> yast) to "easy" and restart the pppd daemon. Apparently, SuSEconfig changes
> pppd to group dialout with a SUID bit. When the daemon is started with the new
> permissions it somehow brings up these effects.
>
> Strange!
correct the ownership and chmod-bits according to /etc/permissions*.
e.g. a "grep sbin/pppd /etc/permissions*"
/etc/permissions.easy:/usr/sbin/pppd root.dialout 6754
/etc/permissions.paranoid:/usr/sbin/pppd root.dialout 0750
/etc/permissions.secure:/usr/sbin/pppd root.dialout 6750
So we see that only when using the easy permissions pppd is set SUID for
the group dialout and a dialout could be triggered for name resolution by
a normal user in the group dialout.
All in all this has nothing to to with ping itself...
Everything clear now?! ;-)
--
Eat, sleep and go running,
David Huecking.
Encrypted eMail welcome! GnuPG/ PGP-Fingerprint:
3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216
On Wed, 16 Oct 2002, Michael Seewald wrote:
> > The error-message "ping: unknown host..." sounds more like an error in
> > name-resolving in that very moment. Could you try the ping not with a
> > DNS-name but with an IP (e.g. 193.99.144.71 for www.heise.de) or maybe you
>
> Yes, that does it. Apparently, name resolution failed!!!
>
> Today, I noticed that these effects disappear when I change permissions (in
> yast) to "easy" and restart the pppd daemon. Apparently, SuSEconfig changes
> pppd to group dialout with a SUID bit. When the daemon is started with the new
> permissions it somehow brings up these effects.
>
> Strange!
| < Previous | Next > |