
ISP PASSWORD SECURITY

  The plaintext passwords entered via the "Account Data" option in xisp
  are encrypted using the encrypt/setkey routines. Since this requires a
  key kept inside the executable, someone having access to the source
  can potentially decode users' .xisprc entries and obtain plaintext
  passwords for ISP accounts. Since the .xisprc file is created as
  readable only by its owner, this is not very likely, but nevertheless,
  in the interest of enhancing security, the administrator installing
  xisp is urged to change the key saved in the pkey[] variable, in
  pcode.c. The key saved there has already been scrambled by XOR-ing it
  with 0xFF so that the key string is not traceable in the xisp binary.
  In order to change the key, pick a string of 8 characters, XOR them
  with 0xFF and place them in pkey[].

  The above is by no means a "secure system". It will deter the
  "professional user" but not your average "amateur hacker" ;)  But
  that's OK given the scope of this program. The requirement was basically
  to keep plaintext passwords from appearing in the .xisprc file. Anyone
  is welcome to come up with something better (perhaps even more portable)
  and contribute it to the distribution :)

  As of xisp version 1.9, simple PAP support was added by using the +ua
  pppd option (only up to and including version 2.2.0f; this option has
  been removed from pppd v2.3.x and later versions). This requires that
  pppd has access to a simple file containing the username and plaintext
  password. To this end, a temporary file called .xisppap is generated
  by xisp in the user's home directory just prior to launching pppd, and
  is deleted when pppd reads its parameters and forks to run in the
  background. Thus, the file remains in the filesystem only for the time
  between invocation and forking, which is about a couple of seconds on
  a lightly loaded system. It is created u+rw,go-rw (mode 600) of course!
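
  The handling of a short-lived credentials file such as .xisppap, shown as
  an added example in C (not xisp's own code): the file is created
  exclusively, forced to mode 600 and verified through its descriptor before
  any secret is written. The function names, the sample file name and the
  "username, newline, password, newline" layout are assumptions of this example.

```c
/* Added example, not xisp source. Names and file layout are assumptions. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int write_all(int fd, const char *s)
{
    size_t left = strlen(s);
    while (left > 0) {
        ssize_t n = write(fd, s, left);
        if (n < 0 && errno == EINTR) continue;   /* interrupted: retry */
        if (n <= 0) return -1;
        s += n;
        left -= (size_t)n;
    }
    return 0;
}

/* Write "user\npass\n" to a brand-new mode-600 file. Returns 0, or -1 on refusal/error. */
int write_pap_file(const char *path, const char *user, const char *pass)
{
    struct stat st;
    /* The layout is line-based, so an embedded newline would shift the fields. */
    if (strchr(user, '\n') || strchr(pass, '\n')) return -1;
    /* O_CREAT|O_EXCL fails if the name already exists, even as a dangling symlink. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    /* Check the descriptor, not the path, so the file cannot be swapped under us. */
    if (fchmod(fd, 0600) != 0 || fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1 || (st.st_mode & 0777) != 0600 ||
        write_all(fd, user) || write_all(fd, "\n") ||
        write_all(fd, pass) || write_all(fd, "\n")) {
        close(fd);
        unlink(path);                /* never leave a partial secret behind */
        return -1;
    }
    if (close(fd) != 0) { unlink(path); return -1; }
    return 0;
}

int main(void)
{
    const char *path = "xisppap.example";    /* constructed name for the demo */
    int rc = write_pap_file(path, "alice", "constructed-password");
    printf("write_pap_file -> %d\n", rc);
    if (rc == 0) unlink(path);               /* delete once the consumer has read it */
    return rc == 0 ? 0 : 1;
}
```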


SYSTEM SECURITY

  Since xisp version 2.3, the ip-up and ip-down scripts supplied with xisp
  have enhanced security. They both make use of the xispid utility derived
  from the GNU id(1) program. After command line parsing is done, ip-up and
  ip-down call xispid to find the real group-id of the user who started pppd.
  If the user is not a member of the uucp group ("dialout" group for Debian
  Linux, "root" group for Red Hat Linux or some other group selected for
  this purpose during compilation via xisp's Makefile), both scripts exit,
  since this is most likely an attack on system security. Please note that this
  measure is an enhancement and *NOT* a complete solution, as it is assumed
  that the uucp (or dialout, root or whatever) group members can be trusted.
  Be warned that such a "trusted" user can, conceivably, append data to
  privileged system files by appropriately modifying the string passed to
  ip-up/ip-down via the ipparam pppd option.

