David F. Skoll wrote:
> The rp-pppoe "security advisory" is totally bogus. rp-pppoe is
> not meant to run SUID-root, and nowhere in the documentation is this
> recommended.
There are reasons users install it setuid / setgid, and these installations
are vulnerable.
> You might as well post a security advisory about "ls" because it doesn't
> drop privileges if it's installed SUID-root.
If it would be common for ls to run setuid/setgid and it was vulnerable
to any attack, we't have to, unfortunately.
Regards,
Joey
--
Everybody talks about it, but nobody does anything about it! -- Mark Twain
Please always Cc to me when replying to me on the lists.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
