Bug#4673: ppp insecure
Package: ppp
Version: 2.2.0f-6
After installing, inspecting the /etc/ppp/pap-secrets file reveals:
...
# Every regular user can use PPP and has to use passwords from /etc/passwd
* chiark ""
...
Furthermore, /usr/sbin/pppd is setuid root and world-executable,
contrary to advice in /usr/doc/ppp/README.linux.
I'm not very familiar with the security features of ppp, but it seems
highly likely that there are several security problems here.
Ian.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: