[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DSA 557-1 and CAN-2004-0564

David F. Skoll wrote:
> On Mon, 4 Oct 2004, Martin Schulze wrote:
> > There are reasons users install it setuid / setgid, and these installations
> > are vulnerable.
> I disagree.  There is absolutely *no* reason to install rp-pppoe
> setuid-root.  It is normally invoked by pppd, and pppd must be either
> invoked by root or setuid-root itself.  Could you name a scenario in
> which a setuid-root rp-pppoe is needed?

Please talk to the Debian maintainer of rp-pppoe since pppoe is installed
root.dip and setuid in Debian sarge and sid.  The maintainer can be reached
through pppoe@packages.debian.org.  Details about this package can be found
here: http://packages.debian.org/pppoe



Everybody talks about it, but nobody does anything about it!  -- Mark Twain

Please always Cc to me when replying to me on the lists.

Reply to: