On Wed, Oct 06, 2004 at 02:11:32PM +0200, Marco d'Itri wrote:
> On Oct 06, Max Vozeler <[EMAIL PROTECTED]> wrote:
>
> > It would make it possible for /usr/sbin/pppoe to get rid of setuid root
> > and still work for unprivileged users. Marco, how does this look to you?
> > Would you consider includ
On Wed, 06 Oct 2004, Marco d'Itri wrote:
> On Oct 06, Max Vozeler <[EMAIL PROTECTED]> wrote:
>
> > It would make it possible for /usr/sbin/pppoe to get rid of setuid root
> > and still work for unprivileged users. Marco, how does this look to you?
> > Would you consider including such an option in
On Oct 06, Max Vozeler <[EMAIL PROTECTED]> wrote:
> It would make it possible for /usr/sbin/pppoe to get rid of setuid root
> and still work for unprivileged users. Marco, how does this look to you?
> Would you consider including such an option in ppp?
I think I'm missing something. What's wrong w
On Mon, Oct 04, 2004 at 12:14:56PM -0400, Christian Hudon wrote:
> Max Vozeler wrote:
>
> >The pppd in Debian appears to change privileges back to those of the
> >invoking user before calling the program specified in the pty option,
> >preventing normal users from controlling PPPOE connections lik
Max Vozeler wrote:
The pppd in Debian appears to change privileges back to those of the
invoking user before calling the program specified in the pty option,
preventing normal users from controlling PPPOE connections like other
normal PPP connections.
If this is really the case, then maybe the b
Hi David,
On Mon, Oct 04, 2004 at 10:27:28AM -0400, David F. Skoll wrote:
> On Mon, 4 Oct 2004, Martin Schulze wrote:
>
> > There are reasons users install it setuid / setgid, and these installations
> > are vulnerable.
>
> I disagree. There is absolutely *no* reason to install rp-pppoe
> setui
David F. Skoll wrote:
> On Mon, 4 Oct 2004, Martin Schulze wrote:
>
> > There are reasons users install it setuid / setgid, and these installations
> > are vulnerable.
>
> I disagree. There is absolutely *no* reason to install rp-pppoe
> setuid-root. It is normally invoked by pppd, and pppd mus
On Mon, 4 Oct 2004, Martin Schulze wrote:
> There are reasons users install it setuid / setgid, and these installations
> are vulnerable.
I disagree. There is absolutely *no* reason to install rp-pppoe
setuid-root. It is normally invoked by pppd, and pppd must be either
invoked by root or setui
David F. Skoll wrote:
> The rp-pppoe "security advisory" is totally bogus. rp-pppoe is
> not meant to run SUID-root, and nowhere in the documentation is this
> recommended.
There are reasons users install it setuid / setgid, and these installations
are vulnerable.
> You might as well post a secu
Hi,
The rp-pppoe "security advisory" is totally bogus. rp-pppoe is
not meant to run SUID-root, and nowhere in the documentation is this
recommended.
You might as well post a security advisory about "ls" because it doesn't
drop privileges if it's installed SUID-root.
Arguably, rp-pppoe should se
10 matches
Mail list logo
