[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DSA 557-1 and CAN-2004-0564

On Wed, Oct 06, 2004 at 02:11:32PM +0200, Marco d'Itri wrote:
> On Oct 06, Max Vozeler <max@hinterhof.net> wrote:
> > It would make it possible for /usr/sbin/pppoe to get rid of setuid root
> > and still work for unprivileged users. Marco, how does this look to you?
> > Would you consider including such an option in ppp?
> I think I'm missing something. What's wrong with pppoe being setuid?

Upstream says it wasn't designed for that (see the beginning of the
thread on debian-security [1]) so there may well be other security bugs

> Anyway, pppoe is deprecated and superseded by the kernel-space driver,
> so I'm not much interested in hacking pppd for its benefit.

I don't know much about that, but pppoe is still installed on a great
many system (#390 in popcon). Having something like the pty-keep-privs
option would bring a potentially big improvement for security of those


[1] http://lists.debian.org/debian-security/2004/10/msg00004.html


Reply to: