If someone would turn on internet connection using command su -c "/sbin/ifup ppp1" would it put system at risk (how bad) ?
Asked
Active
Viewed 199 times
-1
R S
- 225
- 2
- 7
-
1I don't understand – using `su` means that not "someone" executes that command, but "someone" with knowledge of root's password. Also known as root. – Marcus Müller Jun 08 '18 at 12:03
-
What is *ppp1* interface on your system? Is it really a Point to Point Protocol interface? – Serge Ballesta Jun 08 '18 at 12:35
-
Please clarify that whether it is you who send the command ? Or you see the command trigger by some script ? – mootmoot Jun 08 '18 at 13:45
-
@downvoter reveal yourself ! – R S Jun 09 '18 at 00:03
-
@mootmoot I did. – R S Jun 09 '18 at 00:04
-
@Serge Ballesta pppoe. – R S Jun 09 '18 at 00:04
-
@Marcus Müller We shouldn't use PC as root usually, so we create another user to use PC as that user. Would you consider to change ü to u, because there is not such on keyboard ? – R S Jun 09 '18 at 00:06
2 Answers
0
It makes no difference. You're just sending a command to bring up the interface; which user does this is irrelevant.
Polynomial
- 132,208
- 43
- 298
- 379
-
This is incorrect. It trivially allows local privilege escalation by the user executing `su`. There is no impact on the security of the _network_, but it does greatly increase risk. – forest Jun 09 '18 at 04:52
-
@forest could you explain more about escalation ? "no impact on the security of the network" - do you mean stuff like attack on machine from Internet ? – R S Jun 09 '18 at 10:56
-
1@RS I mean that the interface will not be less secure just because it was brought up that way. However a malicious process running as that user will be able to hijack `su` while you use it. – forest Jun 09 '18 at 12:40
-
-
@Polynomial For `su` it's probably a common case, but `sudo` is very flexible and designed for configurable policies involving user separation, not just "gimme root". – forest Jun 11 '18 at 02:30
0
Assuming ppp1 is a Point to Point Protocol interface, this has a poor reputation amont security admins because it could be used to bypass any external firewall rules. Said differently if your system has a firewall that forbids a number of protocols or address ranges, but someone manages to open a PPP tunnel through it, the firewall will have no knowledge of what passes inside the tunnel, which somehow defeats its goal.
So my advice is that is a user sets up a PPP tunnel without an explicit authorization of the security administrator, this should be seen as an internal attack. Even if the user is not conscious of the problem, doing so actually lowers the global security level.
Serge Ballesta
- 25,636
- 4
- 42
- 84
-
Do you mean it's bad in case if someone would bypass firewall ? As I figured out connection being established by “NetworkManager.service”. All processes in that service run as root. Even thought user use network manager applet without any special permissions. – R S Jun 08 '18 at 15:29
-
As a former sysadmin, I see a red light in my brain as soon as I here *uncontrolled* PPP. What matters here is really *uncontrolled*. – Serge Ballesta Jun 08 '18 at 15:41
-
didn't get it much. Am I wrong completely (previous comment) ? I used pppoe-setup. – R S Jun 08 '18 at 20:01