Re: DSA 557-1 and CAN-2004-0564
Max Vozeler wrote:
If this is really the case, then maybe the best solution would be to
modify that Debian patch to pppd to add a "dont-drop-root-privs" option
to the "pty" option? Then people using pppd together with pppoe could
use that option, pppoe would be run as root, and people in group dip
would be able to launch PPP connections.
The pppd in Debian appears to change privileges back to those of the
invoking user before calling the program specified in the pty option,
preventing normal users from controlling PPPOE connections like other
normal PPP connections.