KPPP has the SUID bit on? What about security?

It's virtually impossible to write a dialer without the SUID bit that is both safe and easy to use for inexperienced users. KPPP addresses the security issues with the following strategy.

  • Immediately after the program starts, KPPP forks.

  • The master process, which handles all the GUI operations (such as user interaction), drops the SUID state after the fork, and runs with normal user privileges.

  • The slave process keeps its privileges, and is responsible for all actions that need root privileges. To keep this part safe, no KDE or Qt™ library calls are used here, just simple library calls. The source code for this process is short (around 500 lines) and well documented, so it's easy for you to check it for security holes.

  • Master and slave processes communicate with standard UNIX® IPC.

Special thanks to Harri Porten for writing this excellent piece of code. It was thought to be impossible, but he managed it within a week.