Package: netdiag Version: 0.2-3 The postinst script copies the tcpdump binary from the tcpdump package and the traceroute binary from the netstd package to /usr/bin and makes them setuid root.adm. This allows all users in the existing adm group to use tcpdump to get the unencrypted passwords that are transmitted over the network.
IMHO the netdiag package shouldn't use tcpdump/traceroute (neither as binaries nor as links). Copying/linking binaries from other packages just to have them in /usr/bin is a bad idea. Maybe something like this should be added to the guidelines. Thanks, Peter -- Peter Tobias EMail: Fachhochschule Ostfriesland [EMAIL PROTECTED] Fachbereich Elektrotechnik und Informatik [EMAIL PROTECTED] Constantiaplatz 4, 26723 Emden, Germany [EMAIL PROTECTED]
