From alk@poboxer.pobox.com Sat Aug  7 00:26:07 1999
Return-Path: <alk@poboxer.pobox.com>
Received: from poboxer.pobox.com (ferg5200-1-19.cpinternet.com [208.149.16.19])
	by hub.freebsd.org (Postfix) with ESMTP id 0282514D82
	for <FreeBSD-gnats-submit@freebsd.org>; Sat,  7 Aug 1999 00:25:42 -0700 (PDT)
	(envelope-from alk@poboxer.pobox.com)
Received: (from alk@localhost)
	by poboxer.pobox.com (8.9.3/8.9.1) id CAA32555;
	Sat, 7 Aug 1999 02:24:53 -0500 (CDT)
	(envelope-from alk)
Message-Id: <199908070724.CAA32555@poboxer.pobox.com>
Date: Sat, 7 Aug 1999 02:24:53 -0500 (CDT)
From: Anthony Kimball <alk@pobox.com>
Sender: alk@poboxer.pobox.com
Reply-To: alk@pobox.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: ppp configuration file permission bits
X-Send-Pr-Version: 3.2

>Number:         13009
>Category:       bin
>Synopsis:       ppp(8) does draconian permission checks on its config file
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug  7 00:30:01 PDT 1999
>Closed-Date:    Mon Aug 9 15:55:11 PDT 1999
>Last-Modified:  Mon Aug  9 15:55:52 PDT 1999
>Originator:     Anthony Kimball
>Release:        FreeBSD 3.2-STABLE i386
>Organization:
Dis
>Environment:

vanilla

>Description:

ppp(8) will not operate if the current non-root user has permission
to write to its configuration file or its parent directories.

>How-To-Repeat:

sudo chmod g+w /etc/ppp/ppp.conf
ppp

>Fix:

Change the check from access(conf,W_OK) to detecting
erroneous S_IWOTH bits, thus allowing group access:
	
diff -u main.c main.c.old
--- main.c	Sat Aug  7 02:13:29 1999
+++ main.c.old	Sun May  2 03:59:47 1999
@@ -37,7 +37,6 @@
 #include <sys/time.h>
 #include <termios.h>
 #include <unistd.h>
-#include <sys/stat.h>
 
 #ifndef NOALIAS
 #ifdef __FreeBSD__
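Review bot: The diff is generated in the reverse direction. The header reads "--- main.c" / "+++ main.c.old", so the "#include <sys/stat.h>" marked "-" in this hunk is really the line being added. Regenerate with "diff -u main.c.old main.c" so the patch applies without "patch -R" and the "+" lines are the proposed code.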
@@ -304,9 +303,7 @@
 
     snprintf(conf, sizeof conf, "%s/%s", _PATH_PPP, CONFFILE);
     do {
-      struct stat sb;
-
-      if (stat(conf,&sb) || (sb.st_mode & S_IWOTH)) {
+      if (!access(conf, W_OK)) {
         log_Printf(LogALERT, "ppp: Access violation: Please protect %s\n",
                    conf);
         return -1;
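Review bot: In the proposed test (the "-" lines here, since the diff is reversed), "if (stat(conf,&sb) || (sb.st_mode & S_IWOTH))" sends a stat() failure down the same "Access violation: Please protect" path as a world-writable file, so a missing or unreadable config produces a misleading alert. Handle the stat() error separately and log it as such. The test also looks only at S_IWOTH on the file itself. It never reads sb.st_uid, and it does not cover the parent directories that the description says the old behaviour took into account, so a comment or man page note should state that the file's owner, its group membership and the directory permissions are now left to the administrator.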



>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: brian 
State-Changed-When: Mon Aug 9 15:55:11 PDT 1999 
State-Changed-Why:  
Patch applied to -current (kind-of) 
>Unformatted:
