A misconfigured PPP daemon can be a devastating security breach. It can be as bad as letting anyone plug their machine into your Ethernet (and that can be very bad). In this section, we discuss a few measures that should make your PPP configuration safe.
Root privilege is required to configure the network device and routing table. You will usually solve this by running pppd setuid root. However, pppd allows users to set various security-relevant options.
To protect against any attacks a user may launch by manipulating
pppd options, you should set a couple of
default values in the global
file, like those shown in the sample file in Section 8.3,” earlier in this chapter. Some of them, such as the
authentication options, cannot be overridden by the user, and thus
provide reasonable protection against manipulations. An important
option to protect is the
connect option. If you intend to allow
non-root users to invoke pppd to connect to the
Internet, you should always add the
noauth options to the global options file
If you fail to do this, users
will be able to execute arbitrary commands with
root privileges by specifying the command as their
connect command on the
pppd line or in their personal options file.
Another good idea is to restrict which users may execute
pppd by creating a group in
and adding only those users who you wish to have the ability to execute
the PPP daemon. You should then change group ownership of the
pppd daemon to that group and remove the world execute
privileges. To do this, assuming you’ve called your group
dialout, you could use something like:
chown root /usr/sbin/pppd#
chgrp dialout /usr/sbin/pppd#
chmod 4750 /usr/sbin/pppd
Of course, you have to protect yourself from the systems you speak PPP with, too. To fend off hosts posing as someone else, you should always require some sort of authentication from your peer. Additionally, you should not allow foreign hosts to use any IP address they choose, but restrict them to at most a few. The following section will deal with these topics in detail.