[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DSA 557-1 and CAN-2004-0564


The rp-pppoe "security advisory" is totally bogus.  rp-pppoe is
not meant to run SUID-root, and nowhere in the documentation is this

You might as well post a security advisory about "ls" because it doesn't
drop privileges if it's installed SUID-root.

Arguably, rp-pppoe should set its user-ID to "nobody" after it has opened
the raw sockets.  It wasn't designed this way because pppd runs as root
all the time, and pppd is orders of magnitude more complex than rp-pppoe,
so I didn't see much security advantage.



Reply to: