ISP PASSWORD SECURITY

The plaintext passwords entered via the "Account Data" option in xisp
are encrypted using the encrypt/setkey routines. Since this requires a
key kept inside the executable, someone having access to the source
can potentially decode users' .xisprc entries and obtain plaintext
passwords for ISP accounts. Since the .xisprc file is created as
readable only by its owner, this is not very likely, but nevertheless,
in the interest of enhancing the security just a bit more, the
administrator installing xisp is urged to change the key saved in the
pkey[] variable, in pcode.c. The key saved there has already been
scrambled by XORing it with 0xFF so that the key string is not
traceable in the xisp binary. In order to change the key, pick a
string of 8 characters, XOR them with 0xFF and place them in pkey[].

The above is by no means a "secure system". It will deter the
"professional user" but not your average "amateur hacker" ;) But
that's OK given the scope of this package. The requirement was basically
to keep plaintext passwords from appearing in the .xisprc file. Anyone
is welcome to come up with something better (perhaps even more portable)
and contribute it to the package :)

As of version 1.9, simple PAP support was added by using the +ua pppd
option (only up to and including version 2.2.0f; this option has been
removed from pppd v2.3.x). This requires that pppd has access to a
simple file containing the username and plaintext password. To this end,
a temporary file called .xisppap is generated by xisp in the user's
home directory just prior to launching pppd, and is deleted when pppd
reads its parameters and forks to run in the background. Thus, the file
remains in the filesystem only for the time between invocation and
forking, which is about a couple of seconds on a lightly loaded system.
It is created u+rw,go-rw (mode 600) of course!
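
The short-lived credentials file described above, as an added example (not
xisp source code): it creates the file so that it is never readable by group
or other, even under a permissive umask, and refuses a path that already
exists. The function names, the demo path and the two-line file layout are
assumptions made for this example.

```c
/* Added example, not xisp source. Assumed file layout: username on the
 * first line, password on the second. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create the credentials file at path. Returns 0, or -1 with errno set. */
int write_pap_file(const char *path, const char *user, const char *pass)
{
    char buf[512];
    int len = snprintf(buf, sizeof buf, "%s\n%s\n", user, pass);
    if (len < 0 || (size_t)len >= sizeof buf) { errno = EINVAL; return -1; }

    /* O_CREAT|O_EXCL fails with EEXIST if a file or symlink is already
     * there, so a pre-planted path is never written through. The mode is
     * set at creation: umask can only clear bits, never add group/other. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;

    /* fchmod pins the mode to exactly 0600 whatever the umask was. */
    int ok = fchmod(fd, 0600) == 0 && write(fd, buf, (size_t)len) == len;
    int saved = errno;
    if (close(fd) != 0 && ok) { ok = 0; saved = errno; }
    if (!ok) { unlink(path); errno = saved; return -1; }
    return 0;
}

/* Permission bits of path, or -1 if nothing exists there. */
int pap_file_mode(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "xisppap-demo.tmp";
    umask(0);                        /* worst case: fully permissive umask */
    if (write_pap_file(path, "alice", "constructed-password") != 0) {
        perror(path);
        return 1;
    }
    printf("%s created with mode %04o\n", path, (unsigned)pap_file_mode(path));
    /* xisp deletes the file once pppd has read it; do the same here. */
    return unlink(path) == 0 ? 0 : 1;
}
```
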
SYSTEM SECURITY

Since version 2.3, the ip-up and ip-down scripts supplied with xisp have
enhanced security. They both make use of the xispid utility derived from
the GNU id(1) program. After command line parsing is done, ip-up/ip-down
call xispid to find the real group-id of the user who started pppd. If
the user is not a member of the uucp group ("dialout" group for Debian
Linux or "root" group for Red Hat Linux) then both scripts exit, as most
likely this is a system security attack. Please note that this measure
is an enhancement and *NOT* a complete solution, as we are assuming that
the uucp (or dialout or root) group members can be trusted. Such a
"trusted" user can, conceivably, append data to privileged system files
by appropriately modifying the string passed to ip-up/ip-down via the
ipparam pppd option.