
Re: [Erlug] Kppp why??? ---CAN ANYONE ANSWER ME :-)---

To: erlug@xxxxxxxxxxxxxx
Subject: Re: [Erlug] Kppp why??? ---CAN ANYONE ANSWER ME :-)---
From: Davide Bolcioni <se6vzsv38001@xxxxxxxxxxxxxx>
Date: Thu, 18 Oct 2001 22:32:13 +0200
Giovanni Caruso pecico@xxxxxxxxx [mlerlug/erlug list] wrote:


It worked even without the first instruction.

Yes, but I am also quoting the rest of the page where they suggest
this "remedy":

> Please be aware of what you're doing, though. Many security holes are
> the result of fooling a program with root permissions into behaving
> poorly. If kppp can be manipulated with spurious input, arbitrary code
> might be made executable with root permissions. I have no idea of the
> degree to which kppp is (or is not) susceptible to being abused in
> this fashion.

If you take the trouble to study it, PAM turns out to be quite interesting (but the documentation is awful). The "right" remedy should be something
like this:

> In 6.1 (and I believe 6.2, don't know about 7.x), RedHat put kppp on
> PAM.  For some reason it was configured to ask for root's password (I
> read one comment calling this a bug, as it's a security hazard).

> The simple solution I found by searching on Google is to change
> /etc/pam.d/kppp as follows:

> #%PAM-1.0
> #auth       sufficient  /lib/security/pam_rootok.so
> # change for eliminate root password prompt 18 Mar 2001
> auth       sufficient   /lib/security/pam_permit.so
> auth       required     /lib/security/pam_pwdb.so
> session    optional     /lib/security/pam_xauth.so
> account    required     /lib/security/pam_permit.so

> Comment out the first line as shown; add the first line following the
> second comment.  This will be convenient on workstation machines if
> you are the only user, and mandatory if it's a family machine, i.e.
> multiple users of kppp.  I don't know if the same situation applies to
> rp3, as I did a kde workstation install instead of gnome, so rp3 isn't
> installed on my machine.

This was for 6.2, and maybe for 7.x things are a bit different, but let
Linux users at least distinguish themselves by doing things properly.

Davide Bolcioni
--
There is no place like /home.
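
An added example, not part of the original message: a small audit check that flags PAM service files whose auth stack lets `pam_permit.so` succeed before any credential is checked, run over the `/etc/pam.d/kppp` contents quoted above. The "original" file is reconstructed here from the quoted instructions, and the function names are hypothetical.

```python
import os

# /etc/pam.d/kppp as quoted in the message above.
KPPP_MODIFIED = """\
#%PAM-1.0
#auth       sufficient  /lib/security/pam_rootok.so
# change for eliminate root password prompt 18 Mar 2001
auth       sufficient   /lib/security/pam_permit.so
auth       required     /lib/security/pam_pwdb.so
session    optional     /lib/security/pam_xauth.so
account    required     /lib/security/pam_permit.so
"""

# Constructed for comparison: the same file with the described edit undone.
KPPP_ORIGINAL = """\
#%PAM-1.0
auth       sufficient   /lib/security/pam_rootok.so
auth       required     /lib/security/pam_pwdb.so
session    optional     /lib/security/pam_xauth.so
account    required     /lib/security/pam_permit.so
"""

GATING = {"required", "requisite"}

def auth_entries(text):
    """Yield (lineno, control, module file name) for each auth line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        # Skip blanks, comments, other groups; "-auth" is the quiet form.
        if len(fields) < 3 or fields[0].lstrip("-").lower() != "auth":
            continue
        # Bracketed controls ([success=1 ...]) are not evaluated here,
        # and include lines are not followed; neither counts as gating.
        if fields[1].startswith("["):
            continue
        yield lineno, fields[1].lower(), os.path.basename(fields[2])

def password_free_auth(text):
    """Line numbers where 'sufficient pam_permit.so' succeeds before any
    required/requisite module has had the chance to reject the user."""
    hits, gated = [], False
    for lineno, control, module in auth_entries(text):
        if module == "pam_permit.so":
            if control == "sufficient" and not gated:
                hits.append(lineno)
        elif control in GATING:
            gated = True
    return hits

if __name__ == "__main__":
    for name, text in (("modified", KPPP_MODIFIED), ("original", KPPP_ORIGINAL)):
        print(name, password_free_auth(text))
```

In the modified file the `pam_pwdb.so` line is never reached, so the check reports the `pam_permit.so` line; the reconstructed original reports nothing because `pam_rootok.so` only succeeds for root.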






