[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DSA 557-1 and CAN-2004-0564

On Mon, 4 Oct 2004, Martin Schulze wrote:

> There are reasons users install it setuid / setgid, and these installations
> are vulnerable.

I disagree.  There is absolutely *no* reason to install rp-pppoe
setuid-root.  It is normally invoked by pppd, and pppd must be either
invoked by root or setuid-root itself.  Could you name a scenario in
which a setuid-root rp-pppoe is needed?



Reply to: