Philip Thiem <[EMAIL PROTECTED]> writes:
> Thanks for the clarification. I had posted that I thought it was FUD,
> but my language
> was _too_ strong. Yeah, that makes sense, but it was presented to me
> on such a wide scale,
> that it didn't make sense to me.
The key is that random users sho
Philip Thiem <[EMAIL PROTECTED]> writes:
> Recently a friend made the assertion that I want to get some feedback on:
>
> "if you connect to an x server you have access to the protocol stream
> of any other user also connected to it"
I believe that this is more or less correct.
If you can conne
Thanks for the clarification. I had posted that I thought it was FUD, but
my language
was _too_ strong. Yeah, that makes sense, but it was presented to me on
such a wide scale,
that it didn't make sense to me. Would it be correct that this is about as
severe
as having a root user at all. (Bec
It was FUD. Some silly people had a default policy on xwin that didn't
have any host or authentication restrictions. Sorry to bother you all.
Philip Thiem
--On Monday, October 04, 2004 06:39:00 PM -0500 Philip Thiem
<[EMAIL PROTECTED]> wrote:
Recently a friend made the assertion that I want to
Recently a friend made the assertion that I want to get some feedback on:
"if you connect to an x server you have access to the protocol stream of
any other user also connected to it"
I couldn't get him to clarify at the time, but as a broad statement it
seems dubious (particularly the IT dept
h
Max Vozeler wrote:
The pppd in Debian appears to change privileges back to those of the
invoking user before calling the program specified in the pty option,
preventing normal users from controlling PPPOE connections like other
normal PPP connections.
If this is really the case, then maybe the b
Hi David,
On Mon, Oct 04, 2004 at 10:27:28AM -0400, David F. Skoll wrote:
> On Mon, 4 Oct 2004, Martin Schulze wrote:
>
> > There are reasons users install it setuid / setgid, and these installations
> > are vulnerable.
>
> I disagree. There is absolutely *no* reason to install rp-pppoe
> setui
David F. Skoll wrote:
> On Mon, 4 Oct 2004, Martin Schulze wrote:
>
> > There are reasons users install it setuid / setgid, and these installations
> > are vulnerable.
>
> I disagree. There is absolutely *no* reason to install rp-pppoe
> setuid-root. It is normally invoked by pppd, and pppd mus
On Mon, 4 Oct 2004, Martin Schulze wrote:
> There are reasons users install it setuid / setgid, and these installations
> are vulnerable.
I disagree. There is absolutely *no* reason to install rp-pppoe
setuid-root. It is normally invoked by pppd, and pppd must be either
invoked by root or setui
David F. Skoll wrote:
> The rp-pppoe "security advisory" is totally bogus. rp-pppoe is
> not meant to run SUID-root, and nowhere in the documentation is this
> recommended.
There are reasons users install it setuid / setgid, and these installations
are vulnerable.
> You might as well post a secu
Hi,
The rp-pppoe "security advisory" is totally bogus. rp-pppoe is
not meant to run SUID-root, and nowhere in the documentation is this
recommended.
You might as well post a security advisory about "ls" because it doesn't
drop privileges if it's installed SUID-root.
Arguably, rp-pppoe should se
11 matches