Re: DSA 557-1 and CAN-2004-0564

To: Max Vozeler <max@hinterhof.net>
Cc: "David F. Skoll" <dfs@roaringpenguin.com>, Martin Schulze <joey@infodrom.org>, debian-security@lists.debian.org, cve@mitre.org
Subject: Re: DSA 557-1 and CAN-2004-0564
From: Christian Hudon <chrish@pianocktail.org>
Date: Mon, 04 Oct 2004 12:14:56 -0400
Message-id: <[🔎] 41617700.2020807@pianocktail.org>
In-reply-to: <[🔎] 20041004160022.GA23690@nautile.roam.hinterhof.net>
References: <[🔎] Pine.LNX.4.58.0410040952350.21496@shishi.roaringpenguin.com> <[🔎] 20041004141404.GY15510@finlandia.infodrom.north.de> <[🔎] Pine.LNX.4.58.0410041025410.21496@shishi.roaringpenguin.com> <[🔎] 20041004160022.GA23690@nautile.roam.hinterhof.net>

Max Vozeler wrote:

The pppd in Debian appears to change privileges back to those of the
invoking user before calling the program specified in the pty option,
preventing normal users from controlling PPPOE connections like other
normal PPP connections.

If this is really the case, then maybe the best solution would be tomodify that Debian patch to pppd to add a "dont-drop-root-privs" optionto the "pty" option? Then people using pppd together with pppoe coulduse that option, pppoe would be run as root, and people in group dipwould be able to launch PPP connections.


 Christian

Reply to:

Follow-Ups:
- Re: DSA 557-1 and CAN-2004-0564
  - From: Max Vozeler <max@hinterhof.net>

References:
- Re: DSA 557-1 and CAN-2004-0564
  - From: "David F. Skoll" <dfs@roaringpenguin.com>
- Re: DSA 557-1 and CAN-2004-0564
  - From: Martin Schulze <joey@infodrom.org>
- Re: DSA 557-1 and CAN-2004-0564
  - From: "David F. Skoll" <dfs@roaringpenguin.com>
- Re: DSA 557-1 and CAN-2004-0564
  - From: Max Vozeler <max@hinterhof.net>

Prev by Date: Re: DSA 557-1 and CAN-2004-0564
Next by Date: Strange X11 Assersion
Previous by thread: Re: DSA 557-1 and CAN-2004-0564
Next by thread: Re: DSA 557-1 and CAN-2004-0564
Index(es):
- Date
- Thread