Re: DSA 557-1 and CAN-2004-0564
Hi,

The rp-pppoe "security advisory" is totally bogus. rp-pppoe is
not meant to run SUID-root, and nowhere in the documentation is this
recommended.

You might as well post a security advisory about "ls" because it doesn't
drop privileges if it's installed SUID-root.

Arguably, rp-pppoe should set its user-ID to "nobody" after it has opened
the raw sockets. It wasn't designed this way because pppd runs as root
all the time, and pppd is orders of magnitude more complex than rp-pppoe,
so I didn't see much security advantage.

Regards,
David.
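
The pattern the message mentions (open the raw sockets as root, then switch to "nobody") is sketched below in C. This is an added example, not rp-pppoe code and not part of the original message; the function name `drop_privileges` and the choice of an `AF_PACKET` socket are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE          /* for setgroups() */
#include <arpa/inet.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to uid/gid; returns 0 on success, -1 on failure.
 * Order matters: supplementary groups, then gid, then uid, because after
 * the uid changes the process may no longer alter its groups. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* Root must not be recoverable from a non-root target. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

int main(void)
{
    /* 1. Open the raw socket while still root. 0x8863 is the PPPoE
     *    discovery EtherType; AF_PACKET is Linux-specific. */
    int fd = socket(AF_PACKET, SOCK_RAW, htons(0x8863));
    if (fd < 0)
        perror("socket (needs root or CAP_NET_RAW)");

    /* 2. Switch to the unprivileged account the message names. */
    struct passwd *pw = getpwnam("nobody");
    if (geteuid() != 0 || pw == NULL) {
        fprintf(stderr, "not root, or no 'nobody' account\n");
        return 1;
    }
    if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0) {
        perror("drop_privileges");
        return 1;   /* never keep running as root after a failed drop */
    }
    /* 3. The descriptor survives the uid change; root does not. */
    printf("uid=%d, raw socket fd=%d still open\n", (int)getuid(), fd);
    return 0;
}
```

The final check inside `drop_privileges` matters for SUID installs: if only the effective uid were changed, the saved set-user-ID would still allow a return to root.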