Re: DSA 557-1 and CAN-2004-0564

To: "David F. Skoll" <dfs@roaringpenguin.com>
Cc: debian-security@lists.debian.org, cve@mitre.org
Subject: Re: DSA 557-1 and CAN-2004-0564
From: Martin Schulze <joey@infodrom.org>
Date: Mon, 4 Oct 2004 16:43:00 +0200
Message-id: <[🔎] 20041004144300.GB15510@finlandia.infodrom.north.de>
In-reply-to: <[🔎] Pine.LNX.4.58.0410041025410.21496@shishi.roaringpenguin.com>
References: <[🔎] Pine.LNX.4.58.0410040952350.21496@shishi.roaringpenguin.com> <[🔎] 20041004141404.GY15510@finlandia.infodrom.north.de> <[🔎] Pine.LNX.4.58.0410041025410.21496@shishi.roaringpenguin.com>

David F. Skoll wrote:
> On Mon, 4 Oct 2004, Martin Schulze wrote:
> 
> > There are reasons users install it setuid / setgid, and these installations
> > are vulnerable.
> 
> I disagree.  There is absolutely *no* reason to install rp-pppoe
> setuid-root.  It is normally invoked by pppd, and pppd must be either
> invoked by root or setuid-root itself.  Could you name a scenario in
> which a setuid-root rp-pppoe is needed?

Please talk to the Debian maintainer of rp-pppoe since pppoe is installed
root.dip and setuid in Debian sarge and sid.  The maintainer can be reached
through pppoe@packages.debian.org.  Details about this package can be found
here: http://packages.debian.org/pppoe

Regards,

	Joey

-- 
Everybody talks about it, but nobody does anything about it!  -- Mark Twain

Please always Cc to me when replying to me on the lists.

Reply to:

References:
- Re: DSA 557-1 and CAN-2004-0564
  - From: "David F. Skoll" <dfs@roaringpenguin.com>
- Re: DSA 557-1 and CAN-2004-0564
  - From: Martin Schulze <joey@infodrom.org>
- Re: DSA 557-1 and CAN-2004-0564
  - From: "David F. Skoll" <dfs@roaringpenguin.com>

Prev by Date: Re: DSA 557-1 and CAN-2004-0564
Next by Date: Re: DSA 557-1 and CAN-2004-0564
Previous by thread: Re: DSA 557-1 and CAN-2004-0564
Next by thread: Re: DSA 557-1 and CAN-2004-0564
Index(es):
- Date
- Thread