Re: DSA 557-1 and CAN-2004-0564
On Mon, Oct 04, 2004 at 10:27:28AM -0400, David F. Skoll wrote:
> On Mon, 4 Oct 2004, Martin Schulze wrote:
> > There are reasons users install it setuid / setgid, and these installations
> > are vulnerable.
> I disagree. There is absolutely *no* reason to install rp-pppoe
> setuid-root. It is normally invoked by pppd, and pppd must be either
> invoked by root or setuid-root itself. Could you name a scenario in
> which a setuid-root rp-pppoe is needed?
The pppd in Debian appears to change privileges back to those of the
invoking user before calling the program specified in the pty option,
preventing normal users from controlling PPPOE connections like other
normal PPP connections.
| I have a user which is a member of the dip group. This should
| allow him to use "pon dsl-provider" to dial in. However, a
| permission problem prevents this: pppd drops too many provileges
| before it starts pppoe!
Then again since you recommend against giving it setuid root, there
may be other unforseen effects in the Debian package besides the file
creation/ overwriting that I noticed.