Hi, The rp-pppoe "security advisory" is totally bogus. rp-pppoe is not meant to run SUID-root, and nowhere in the documentation is this recommended.
You might as well post a security advisory about "ls" because it doesn't drop privileges if it's installed SUID-root. Arguably, rp-pppoe should set its user-ID to "nobody" after it has opened the raw sockets. It wasn't designed this way because pppd runs as root all the time, and pppd is orders of magnitude more complex than rp-pppoe, so I didn't see much security advantage. Regards, David. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
