
List:       kde-devel
Subject:    Re: [PATCH] kppp without suid
From:       Thadeu Lima de Souza Cascardo <cascardo () holoscopio ! com>
Date:       2009-05-29 11:24:35
Message-ID: 20090529112434.GA8859 () vespa ! holoscopio ! com

On Sat, May 23, 2009 at 02:49:47PM +0200, Harri Porten wrote:
> Hello Thadeu,
>
> thanks for getting involved. Maybe I can soon pass on the baton of  
> maintainership to someone else? :)
>
> On Fri, 22 May 2009, Thadeu Lima de Souza Cascardo wrote:
>
>> I've hit a problem recently when using an installation of kppp in SuSE.
>> Instead of using some recommended solutions, like setting it suid or
>> giving the required permissions into /etc/ppp/ directory. Setting the
>> password manually into chap.secrets and pap.secrets was out of the
>> question, since this should be easy to the end user.
>>
>> So, I decided to use the passwordfd plugin. First, I realized it was not
>> possible to establish a connection but kppp did not tell me so. So, the
>> first patch I prepared returned an error when it was not possible to
>> write into the mentioned files. The only drawback I see for this patch
>> is that, in the case the user has written the files himself, kppp will
>> not call pppd, but give him an error instead. The solution would be to
>> let the user tell kppp he has already set the password. If that's
>> required, I may prepare this patch too.
>
> Nevertheless the patch makes sense. I marked it as reviewed. Only time  
> will tell whether such an option is required. Might have to wait until 
> the first distributions ship an installation (with their specific 
> security and network setup).
>
> I cannot say anything about the passwordfd related code, yet. It's a  
> feature that didn't exist when I wrote the original code.
>

We have to load the plugin and that requires privilege. That's why I
used the call mechanism. The plugin itself adds an option, passwordfd,
that is the fd which it will use to read the password. So, I create a
pipe and use the reading end as the parameter to the passwordfd option
and, in the parent, write the password to the writing point. What I am
not sure about is if storing the password at a global password is OK. Any
comments on that section of the code?

>> The following bugs and reviewer requests were opened/submitted to (I've
>> picked up myself as reviewer since I could not find porten there):
>
> I've registered such an account now. Thanks for the reminder.
>
> Harri.

Best Regards,
Cascardo.
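
The pipe hand-off described in the reply above, as an added example that is not part of the original message or of the kppp patch: the parent writes the password to the write end while the child is told the read end's descriptor number as an option value. `read_secret` and `send_password_via_fd` are hypothetical names, the child only stands in for pppd with the plugin loaded (nothing is exec'd), and clearing the buffer after the write is this example's own choice.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the reading side (hypothetical helper): take the descriptor
 * number from the option value and read the secret from it until EOF. */
static void read_secret(const char *fd_arg, char *out, size_t cap)
{
    int fd = atoi(fd_arg);
    size_t n = 0; ssize_t r;
    while (n < cap - 1 && (r = read(fd, out + n, cap - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(fd);
}

/* Writing side: returns 0 when the child read exactly `password`.
 * The caller's buffer is zeroed once the bytes are in the pipe. */
int send_password_via_fd(char *password)
{
    size_t len = strlen(password), off = 0;
    volatile char *wipe = password;
    int p[2], status = -1;
    if (pipe(p) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {
        char fd_arg[16], got[256];
        close(p[1]);   /* drop the write end, or EOF never arrives */
        snprintf(fd_arg, sizeof fd_arg, "%d", p[0]);
        /* a real caller would exec the daemon here with: passwordfd <fd_arg> */
        read_secret(fd_arg, got, sizeof got);
        _exit(strcmp(got, password) == 0 ? 0 : 1);  /* demo-only check */
    }
    close(p[0]);
    while (off < len) {   /* cope with short writes */
        ssize_t w = write(p[1], password + off, len - off);
        if (w <= 0) break;
        off += (size_t)w;
    }
    close(p[1]);          /* end of password for the reader */
    for (size_t i = 0; i < len; i++) wipe[i] = 0;   /* clear our copy */
    if (waitpid(pid, &status, 0) < 0 || off != len || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* "constructed-secret" is a constructed sample value */
int main(void) { char pw[] = "constructed-secret"; return send_password_via_fd(pw); }
```

The secret never appears in the child's argument list or in a file under /etc/ppp/; only the descriptor number does.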
