svn commit: lorikeet r152 - in trunk/pppd: .
abartlet at samba.org
abartlet at samba.org
Mon Jan 3 11:15:49 GMT 2005
Author: abartlet
Date: 2005-01-03 11:15:49 +0000 (Mon, 03 Jan 2005)
New Revision: 152
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=152
Log:
Explain the security issues with the previous patch.
Andrew Bartlett
Modified:
trunk/pppd/README
Changeset:
Modified: trunk/pppd/README
===================================================================
--- trunk/pppd/README 2005-01-03 00:36:27 UTC (rev 151)
+++ trunk/pppd/README 2005-01-03 11:15:49 UTC (rev 152)
@@ -2,6 +2,14 @@
ntlm_auth 'ntlm-server-1' helper protocol in Samba 3.0.3 to add
'winbindd' support to ppp.
+*SECURITY NOTE*
+
+The patches formally at this location are subject to an attack by
+local users (ie those with shell access) if the pppd binary is SUID.
+For this reason, pppd 2.4.3 should be used instead of a patched
+earlier version.
+
+
This is supported for PAP, MSCHAP and MSCHAPv2 authentication types.
It is intended to also support the MPPE encryption scheme.
More information about the samba-cvs
mailing list