Re: DSA 557-1 and CAN-2004-0564
On Wed, Oct 06, 2004 at 02:11:32PM +0200, Marco d'Itri wrote:
> On Oct 06, Max Vozeler <email@example.com> wrote:
> > It would make it possible for /usr/sbin/pppoe to get rid of setuid root
> > and still work for unprivileged users. Marco, how does this look to you?
> > Would you consider including such an option in ppp?
> I think I'm missing something. What's wrong with pppoe being setuid?
Upstream says it wasn't designed for that (see the beginning of the
thread on debian-security) so there may well be other security bugs
> Anyway, pppoe is deprecated and superseded by the kernel-space driver,
> so I'm not much interested in hacking pppd for its benefit.
I don't know much about that, but pppoe is still installed on a great
many systems (#390 in popcon). Having something like the pty-keep-privs
option would bring a potentially big improvement for security of those