Bug#709972: kppp doesn't need to run suid

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#709972: kppp doesn't need to run suid
From: Mathieu Parent <math.parent@gmail.com>
Date: Mon, 27 May 2013 10:01:55 +0200
Message-id: <[🔎] CAFX5sbyZ+wQ1=7NdXB1qD9NR=f-hcaUbLLQ=UU8QwPJSV+o3Fw@mail.gmail.com>
Reply-to: Mathieu Parent <math.parent@gmail.com>, 709972@bugs.debian.org

Package: kppp
Version: 4:4.8.4-1
Severity: serious
Tags: security
X-Debbugs-CC: security@debian.org

Hi maintainers,

According to Ilja's report [1] about Linux desktop security, there is
no need to run kppp suid.
According to kppp FAQ:

""There is no need for the setuid bit, if you know a bit of UNIX®
systems administration. Simply create a modem group, add all users
that you want to give access to the modem to that group and make the
modem device read/writable for that group.""


[1]: http://lists.x.org/archives/xorg-devel/2013-May/036291.html, p34 and onward

Regards

--
Mathieu Parent

Reply to:

Prev by Date: libdbusmenu-qt_0.9.2-1_amd64.changes ACCEPTED into unstable
Next by Date: Bug#699468: okular: CTL issue: copy persian words (right-to-left) to clipboard results in wrong order of the letters
Previous by thread: libdbusmenu-qt_0.9.2-1_amd64.changes ACCEPTED into unstable
Next by thread: Bug#699468: okular: CTL issue: copy persian words (right-to-left) to clipboard results in wrong order of the letters
Index(es):
- Date
- Thread