diff options
author | toma <toma@283d02a7-25f6-0310-bc7c-ecb5cbfe19da> | 2009-11-25 17:56:58 +0000 |
---|---|---|
committer | toma <toma@283d02a7-25f6-0310-bc7c-ecb5cbfe19da> | 2009-11-25 17:56:58 +0000 |
commit | bcb704366cb5e333a626c18c308c7e0448a8e69f (patch) | |
tree | f0d6ab7d78ecdd9207cf46536376b44b91a1ca71 /doc/kppp/security.docbook | |
download | tdenetwork-bcb704366cb5e333a626c18c308c7e0448a8e69f.tar.gz tdenetwork-bcb704366cb5e333a626c18c308c7e0448a8e69f.zip |
Copy the KDE 3.5 branch to branches/trinity for new KDE 3.5 features.
BUG:215923
git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdenetwork@1054174 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
Diffstat (limited to 'doc/kppp/security.docbook')
-rw-r--r-- | doc/kppp/security.docbook | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/doc/kppp/security.docbook b/doc/kppp/security.docbook new file mode 100644 index 00000000..d3012f8b --- /dev/null +++ b/doc/kppp/security.docbook @@ -0,0 +1,96 @@ +<chapter id="security"> +<title>&kppp; and security issues</title> + +<para>This section is mainly for superusers (<systemitem>root</systemitem>) +people with high security demands, or simply technically interested people. It +is not necessary to read this if you only use &Linux; at home for yourself, +although you may learn a thing or two in any case.</para> + +<sect1 id="security-restricting-access"> +<title>Restricting access to &kppp;</title> + +<para>A system administrator might want to restrict access as to who is allowed +to use &kppp;. There are two ways to accomplish this.</para> + +<sect2 id="security-group-permissions"> +<title>Restricting access with group permissions</title> + +<para>Create a new group (you might want to name it +<systemitem>dialout</systemitem> or similar), and put every user that should be +allowed to use &kppp; into that group. Then type at the prompt:</para> + +<screen><prompt>#</prompt> <userinput><command>chown</command> <option>root.dialout</option> <filename>/opt/kde/bin/kppp</filename></userinput> +<prompt>#</prompt> <userinput><command>chmod</command> <option>4750</option> <filename>/opt/kde/bin/kppp</filename></userinput> +</screen> + +<para>This assumes that &kde; was installed in <filename class="directory"> +/opt/kde/</filename> and that your new group is named +<systemitem>dialout</systemitem>.</para> + +</sect2> + +<sect2 id="security-kppps-way"> +<title>Restricting access &kppp;'s way</title> + +<para>Before doing anything, &kppp; checks if there is a file named +<filename>/etc/kppp.allow</filename>. If such a file exists, only users named in +this file are allowed to dial out. This file must be readable by everyone (but +of course <emphasis>NOT</emphasis> writable.) Only login names are recognized, +so you cannot use <acronym>UID</acronym>'s in this file. Here is a short +example:</para> + +<screen> +# /etc/kppp.allow +# comment lines like this are ignored +# as well as empty lines + +fred +karl +daisy +</screen> + +<para>In the example above, only the users <systemitem>fred</systemitem>, +<systemitem>karl</systemitem> and <systemitem>daisy</systemitem> are allowed to +dial out, as well as every user with a <acronym>UID</acronym> of 0 (so you don't +have to explicitly list root in the file).</para> + +</sect2> + +</sect1> + +<sect1 id="security-why-suid"> +<title>&kppp; has the <acronym>SUID</acronym> bit on? What about +security?</title> + +<para>It's virtually impossible to write a dialer without the +<acronym>SUID</acronym> bit that is both safe and easy to use for inexperienced +users. &kppp; addresses the security issues with the following strategy.</para> + +<itemizedlist> +<listitem> +<para>Immediately after the program starts, &kppp; forks.</para> +</listitem> +<listitem> +<para>The master process, which handles all the <acronym>GUI</acronym> operations +(such as user interaction), drops the <acronym>SUID</acronym> state after the +fork, and runs with normal user privileges.</para> +</listitem> +<listitem> +<para>The slave process keeps its privileges, and is responsible for all +actions that need <systemitem>root</systemitem> privileges. To +keep this part safe, no &kde; or &Qt; library calls are used here, just simple +library calls. The source code for this process is short (around 500 lines) and +well documented, so it's easy for you to check it for security holes.</para> +</listitem> +<listitem> +<para>Master and slave processes communicate with standard &UNIX; +<acronym>IPC</acronym>.</para> +</listitem> +</itemizedlist> + +<para>Special thanks to Harri Porten for writing this excellent piece of code. +It was thought to be impossible, but he managed it within a week.</para> + +</sect1> + +</chapter> |