Bug#709972: kppp doesn't need to run suid
Package: kppp
Version: 4:4.8.4-1
Severity: serious
Tags: security
X-Debbugs-CC: security@debian.org
Hi maintainers,
According to Ilja's report [1] about Linux desktop security, there is
no need to run kppp suid.
According to kppp FAQ:
""There is no need for the setuid bit, if you know a bit of UNIX®
systems administration. Simply create a modem group, add all users
that you want to give access to the modem to that group and make the
modem device read/writable for that group.""
[1]: http://lists.x.org/archives/xorg-devel/2013-May/036291.html, p34 and onward
Regards
--
Mathieu Parent
Reply to: