Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

PPP password visible in the Terminal System
I came across this when I was trying to figure out a command line method of starting PPP. I checked the process list, and was surprised to find that the password for my internet account was listed there. You can test this yourself by typing (in the terminal):
ps auxww | grep "pppd"
This will list the full command that starts PPP. It includes your username and password as well as the telephone number used and any other configuration information. Basically everything needed to use YOUR internet accout.

I'm not quite sure how to fix the problem. As it's only a problem for people who use PPP and have other people accessing the command line of their machine at the same time, it will only affect a small number of people. However, if anyone knows a fix please let us know.
    •    
  • Currently 2.00 / 5
  You rated: 2 / 5 (3 votes cast)
 
[10,458 views]  

PPP password visible in the Terminal | 13 comments | Create New Account
Click here to return to the 'PPP password visible in the Terminal' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
true enough
Authored by: macubergeek on May 10, '02 09:31:23AM

interesting, interesting
I'm also wondering, on the upside if a piece of this verbiage can be used to script a ppp connection via a shell script.



[ Reply to This | # ]
extract ppp-account info
Authored by: see on May 10, '02 11:13:22AM

here is a small hack i wrote in perl long time ago, requires BASE64 modeul (get at CPAN). has worked since 10.0.x.
i just wonder what apple though of when using a worldreadable file storing passwd cleartext (just base64 encoded)
---------
see@immortelle:/var/db/SystemConfiguration> ls -l preferences.xml
-rw-r--r-- 1 root wheel 34707 May 4 18:45 preferences.xml
---------
see@immortelle:~> ./ppphack.pl
Info extracted from: /var/db/SystemConfiguration/preferences.xml
username: XXXXXXX
password: YYYYYY
number: 555-1234
---------
#!/usr/bin/perl
#put in file ppphack.pl
#chmod +x ppphack.pl and then ./ppphack.pl
use MIME::Base64;
if(open(FILE, "/var/db/SystemConfiguration/preferences.xml")){
$line=<FILE>;
while($line ne ""){
if($line =~ /AuthName/){
$username=<FILE>;
$username=~s/<string>//;
$username=~s/<\/string>//;
$username=~s/[\t ]+//;
chop($username);
}
if($line =~ /AuthPassword/){
$crap=<FILE>;
$password=<FILE>;
$password=~s/[\t ]+//;
chop($password);
}
if($line =~ /CommRemoteAddress/){
$number=<FILE>;
$number=~s/<string>//;
$number=~s/<\/string>//;
$number=~s/[\t ]+//;
chop($number);
}
$line=<FILE>;
}
}
$decoded_pass=decode_base64($password);
print "Info extracted from: /var/db/SystemConfiguration/preferences.xml\n";
print "username: $username\npassword: $decoded_pass\nnumber: $number\n";



[ Reply to This | # ]
Problem? solution?
Authored by: el bid on May 10, '02 11:36:06AM

I'm not convinced this really is a problem, because if someone who shouldn't be there is in your system as root (as they'd need to be to see this) you are already in deep trouble.

Generically (which is a nice way of saying I'm not sure how this might work on the Mac) the solution to the particular problem of showing that info as command line params to pppd is not to put the info there in the first place.

Ie, instead of calling pppd with the explicit details on the command line, put the details into a peers script (/etc/ppp/peers/MyISP, say) and call this from the command line with "pppd call MyISP". If you do this, all that ps will show up will be just that line.

I haven't investigated to what extent the Aqua interface to pppd allows you to do this. But if it's too restrictive to allow you to make these changes, to hell with it. The ideal solution is to stop doing pppd from your Mac; do it from a Coyote Linux router (http://www.coyotelinux.com) instead. This is essentially the cheapest old 486 PC you can find ($50 tops) with a working floppy, a serial port, an Ethernet card, 16 MB of RAM and no hard drive, plus the free (freely downloadable, and Stallmanishly free) Coyote router software, which fits on a floppy.

The huge advantage of this, I've found, isn't just that you can network multiple machines to the same pppd connection; it's that every machine you connect, whether it's a Mac, a Linux box, a wireless access point or (heaven forfend) a Windows nuisance, only need know the address of the Coyote router and the DNS resolver addresses of your ISP to make the connection.

--
el bid



[ Reply to This | # ]
Problem? solution?
Authored by: wngdn on May 10, '02 11:49:03AM
I'm not convinced this really is a problem, because if someone who shouldn't be there is in your system as root (as they'd need to be to see this) you are already in deep trouble.

They don't need to be root to see it; they just need to be logged in as any user. (I tested this just now.)

If a remote hole is discovered which gives an attacker access as any user, then once in they can see your PPP username, password, and dialup phone number. Yeah, it's not your credit card number and it's not root access, but it's still bad.

Cheers,

Wangden

[ Reply to This | # ]
definately a problem
Authored by: see on May 10, '02 01:47:24PM

any user on an osx system legal or not can access this information, you don't need any kind of administrative-privileges:
---------
see@immortelle:/var> ls -alF
total 24
drwxr-xr-x 20 root wheel 636 Jan 3 1970 ./
drwxr-xr-x 15 root wheel 466 Jan 3 1970 db/
---------
see@immortelle:/var/db/SystemConfiguration> ls -alF
total 80
drwxr-xr-x 4 root wheel 264 Jan 3 1970 ./
-rw-r--r-- 1 root wheel 34707 May 4 18:45 preferences.xml
---------
so it's definitely a problem on any setting where you have several users.



[ Reply to This | # ]
Problem? solution?
Authored by: capmikee on Aug 08, '04 12:17:58PM

On my 10.2.8 system with all the security patches, my password is encrypted in the preferences.xml file, and in the command line it shows up as ******. So I guess this problem has been fixed.

I managed to use the advice in this topic to connect from the command line, but I had to make my options file readable only by root, which means I have to connect as root. Is it possible to connect as any user and still keep the password hidden? I'm interested in the peers script idea, but I don't know how to write one.



[ Reply to This | # ]
Some questions
Authored by: wfolta on May 10, '02 02:43:14PM

I don't use PPP anymore, but have two questions/suggestions:

1. What does the pppd command line look like? Looking through the pppd man page, I don't see that phone numbers or passwords should be on the command line.

2. If you invoke pppd directly (not through the connection tool or whatever it's called) you can cause it to read options from a file instead of from the commandline. That's one standard UNIX method for getting around this problem.

If it were a concern, I'd be tempted to save the pppd command line then do a man on ppd, looking at the "file" and "call" options and creating the appropriate files with the command line options in them. If you can put all the options in a file to be read with "file", you should be able to make it readable only by you, hiding everything from others.

Not sure what the implications are if you want others to be able to start PPP though.



[ Reply to This | # ]
Some questions
Authored by: Riken on May 11, '02 01:31:12AM

My PPPD output looks like this (with appropriate bits replaced):

root 382 0.0 0.1 1784 348 ?? Ss 0:00.36 pppd serviceid 0 logfile /tmp/ppp.log /dev/cu.modem 115200 connect /usr/libexec/CCLEngine -l 0 -f '/Library/Modem Scripts/Apple Internal 56K Modem (v.90)' -T '92790555' -E -S 150 -s 0 -e 1 -c 1 -p 0 -d 0 -C 'Cancel' -I 'Internet Connect' -i 'file://localhost/System/Library/SystemConfiguration/PPPController.bundle/Contents/Resources/NetworkConnect.icns' busycode 122 redialcount 1 redialtimer 30 disconnect /usr/libexec/CCLEngine -m 1 -l 0 -f '/Library/Modem Scripts/Apple Internal 56K Modem (v.90)' -E -S 150 -C 'Cancel' -I 'Internet Connect' -i 'file://localhost/System/Library/SystemConfiguration/PPPController.bundle/Contents/Resources/NetworkConnect.icns' remoteaddress PROVIDERSPHONENUMBER cancelcode 136 lcp-echo-interval 10 lcp-echo-failure 3 mru 1500 mtu 1500 receive-all ipparam 192.168.1.1 0:0 noipdefault ipcp-accept-local ipcp-accept-remote usepeerdns noauth user PLAINTEXTUSERNAME password PLAINTEXTPASSWORD forcedetach noccp plugin /System/Library/SystemConfiguration/PPPController.bundle/Contents/PlugIns/PPPDialogs.ppp noaskpassword call MYPROVIDER

Yes I suppose it could be possible to replace all this with a script but I think that would break Internet Connect. I haven't tried it and as it's not a security concern for me but keeping Internet Connect happy is I probably won't.

Bad Apple.



[ Reply to This | # ]
PPPOE
Authored by: Pfhordoor on May 11, '02 04:04:34PM

password is also visible under PPPOE:

ps auxww | grep "pppoe"



[ Reply to This | # ]
/etc/ppp/options works as it should
Authored by: nobody on May 18, '02 09:32:41PM

to make an options file, copy the pppd options (ps -alwwx | grep pppd) to the clipboard
then create the directory /etc/ppp
open a new file there, call it options
paste the contents of the clipboard.
now, most options are 2 words, some are only one.
replace the spaces between the options with newlines.
so you will end up like this:

serviceid 6
logfile /tmp/ppp.log
plugin PPPoE.ppp
pppoeinterface en0
cancelcode 136
lcp-echo-interval 10
lcp-echo-failure 3
receive-all
noipdefault
ipcp-accept-local
ipcp-accept-remote
usepeerdns
noauth
# note here: if your username contains characters like the @ enclose the username with quotes!
user 'username@serviceprovider.com'
password 45398503948
forcedetach
noccp
defaultroute

---------------
your actual file maybe will look a little different from mine.
save the file, make it readable only for root (chmod 600 options) otherwise anybody will be able to see the contents.

of course this configuration will only work if you stop starting and configuring pppd with the OSX supplied tools.
I start it via a script in /Library startup-items.



[ Reply to This | # ]
/etc/ppp/options works as it should
Authored by: progers@alumni.u on Jun 16, '02 04:04:40PM

Has anyone managed to successfully launch pppd from the command line? I'm trying to create a script that will allow me to make my iMac go online from my Powerbook over airport.

I tried extracting the parameters associated with the pppd command issued by the system using "ps -axww" but the returned parameters don't work. I've tried putting the supplied options into /etc/ppp/options all on one line and also broken up into separate lines, but some of the options are not recognized. I've also tried entering the command directly from the shell and still the options are not recognized. The man page is no help, as it doesn't mention the extra options apple created for interfacing with OSX. The options (and command) I see in the output from ps are:

pppd serviceid 0 logfile /tmp/ppp.log /dev/cu.modem 115200 connect /usr/libexec/
CCLEngine -l 0 -f '/Library/Modem Scripts/Apple Internal 56K Modem (v.34)' -T '
4165555555' -E -S 150 -s 0 -e 1 -c 1 -p 0 -d 0 -C 'Cancel' -I 'Internet
Connect' -i 'file://localhost/System/Library/SystemConfiguration/PPPController.b
undle/Contents/Resources/NetworkConnect.icns' redialalternate altconnect /usr/li
bexec/CCLEngine -l 0 -f '/Library/Modem Scripts/Apple Internal 56K Modem (v.34)'
-T '4165555555' -E -S 150 -s 0 -e 1 -c 1 -p 0 -d 0 -C 'Cancel' -I 'Int
ernet Connect' -i 'file://localhost/System/Library/SystemConfiguration/PPPContro
ller.bundle/Contents/Resources/NetworkConnect.icns' -T '4165555555' busycode 12
2 redialcount 1 redialtimer 30 disconnect /usr/libexec/CCLEngine -m 1 -l 0 -f '/
Library/Modem Scripts/Apple Internal 56K Modem (v.34)' -E -S 150 -C 'Cancel'
-I 'Internet Connect' -i 'file://localhost/System/Library/SystemConfiguration/PP
PController.bundle/Contents/Resources/NetworkConnect.icns' remoteaddress 4169411
462 cancelcode 136 idle 900 lcp-echo-interval 10 lcp-echo-failure 3 mru 1500 mtu
1500 receive-all ipparam 10.0.1.2 0:0 noipdefault ipcp-accept-local ipcp-accept
-remote usepeerdns noauth user <myusername> password <mypassword> forcedetach
noccp plugin /System/Library/SystemConfiguration/PPPController.bundle/Contents/
PlugIns/PPPDialogs.ppp noaskpassword call <Provider>

This results in a the error "pppd: unrecognized option '-l'" if entered on the command line or if saved in the options file minus the initial "pppd". Parsing an options file with the above options even causes the regular ppp connect from the GUI to fail (I assume because of the same error). So what's up with all the strange options? (-l -E etc?).

Ideally, I'd like to use a separate options file when connecting remotely, and ignore it for local dialup, but the "file <filename>" option doesn't seem to work either. I can just make a script that calls pppd with the full parameter list and activate it by ssh.

- Pat



[ Reply to This | # ]
Fixed my problem
Authored by: progers@alumni.u on Jun 17, '02 08:29:48PM

Ok, I fixed my own problem. The first thing I should have done is learn how to read. I completely ignored the previous posters advice about quoting my user name which did contain an '@'.

My real problem was that ps doesn't show double quoted arguments with the quotes - just the space. All of the connect options are supposed to reference "an executable shell command ... to set up the serial line". This command is /usr/libexec/CCLEngine. The weird options I was seing weren't being passed to pppd, but CCLEngine. So if you try this (and I know you want to) remember to double quote everything from CCLEngine to the next ppd option. It should look something like this:

#!/bin/sh

sudo pppd serviceid 0 logfile /tmp/ppp.log /dev/cu.modem 115200 connect "/usr/libexec/CCLEngine -l 0 -f '/Library/Modem Scripts/Apple Internal 56K Modem (v.34)' -T '4165555555' -E -S 150 -s 0
-e 1 -c 1 -p 0 -d 0 -C 'Cancel' -I 'Internet Connect' -i 'file://localhost/System/Library/SystemConfiguration/PPPController.bundle/Contents/Resources/NetworkConnect.icns'" redialalternate altco
nnect "/usr/libexec/CCLEngine -l 0 -f '/Library/Modem Scripts/Apple Internal 56K Modem (v.34)' -T '4165555555' -E -S 150 -s 0 -e 1 -c 1 -p 0 -d 0 -C 'Cancel' -I 'Internet Connect' -i 'file
://localhost/System/Library/SystemConfiguration/PPPController.bundle/Contents/Resources/NetworkConnect.icns' -T '4165555555'" busycode 122 redialcount 1 redialtimer 30 disconnect "/usr/libexec/CCL
Engine -m 1 -l 0 -f '/Library/Modem Scripts/Apple Internal 56K Modem (v.34)' -E -S 150 -C 'Cancel' -I 'Internet Connect' -i 'file://localhost/System/Library/SystemConfiguration/PPPController.bun
dle/Contents/Resources/NetworkConnect.icns'" remoteaddress 4165555555 cancelcode 136 idle 900 lcp-echo-interval 10 lcp-echo-failure 3 mru 1500 mtu 1500 receive-all ipparam 10.0.1.2 0:0 noipdefault
ipcp-accept-local ipcp-accept-remote usepeerdns noauth user 'username' password <very-secret> forcedetach noccp plugin /System/Library/SystemConfiguration/PPPController.bundle/Contents/PlugIn
s/PPPDialogs.ppp noaskpassword call Provider

Hope this helps somebody. Now I have to figure out how to get my airport to broadcast through the aluminum siding on my house...

- Pat



[ Reply to This | # ]
/etc/ppp/options works as it should
Authored by: capmikee on Aug 08, '04 01:48:59PM
of course this configuration will only work if you stop starting and configuring pppd with the OSX supplied tools.

It seems to work fine with starting pppd from Aqua.

As for configuration, does anyone know if there's a way of extracting the pppd options from the Preferences file, either with official APIs or with hacks? The Perl script listed above looked good, but my passwords in /var/db/SystemConfiguration/preferences.xml are encrypted.



[ Reply to This | # ]