-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 557-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 4th, 2004
David F. Skoll wrote:
On Mon, 4 Oct 2004, Martin Schulze wrote:
There are reasons users install it setuid / setgid, and these installations
are vulnerable.
I disagree. There is absolutely *no* reason to install rp-pppoe
setuid-root. It is normally invoked by pppd, and pppd must be
Hi David,
On Mon, Oct 04, 2004 at 10:27:28AM -0400, David F. Skoll wrote:
On Mon, 4 Oct 2004, Martin Schulze wrote:
There are reasons users install it setuid / setgid, and these installations
are vulnerable.
I disagree. There is absolutely *no* reason to install rp-pppoe
setuid-root.
Max Vozeler wrote:
The pppd in Debian appears to change privileges back to those of the
invoking user before calling the program specified in the pty option,
preventing normal users from controlling PPPOE connections like other
normal PPP connections.
If this is really the case, then maybe the
Recently a friend made the assertion that I want to get some feed back on:
if you connect to an x server you have access to the protocol stream of
any other user also connected to it
I couldn't get him to clarify at the time, but as a broad statement it
seems dubious (particularly the IT dept
It was FUD. Some silly people had a default policy on xwin that didn't
have any host or authenication restrictions. Sorry to bother you all.
Philip Thiem
--On Monday, October 04, 2004 06:39:00 PM -0500 Philip Thiem
[EMAIL PROTECTED] wrote:
Recently a friend made the assertion that I want to
Thanks for the clarification. I had posted that I thought it was FUD, but
my language
was _too_ strong. Yeah, that makes sense, but it was presented to me on
such a wide scale,
that it didn't make sense to me. Would it be correct this this is about as
severe,
as have a root user at all.
Philip Thiem [EMAIL PROTECTED] writes:
Recently a friend made the assertion that I want to get some feed back on:
if you connect to an x server you have access to the protocol stream
of any other user also connected to it
I believe that this is more or less correct.
If you can connect to
Philip Thiem [EMAIL PROTECTED] writes:
Thanks for the clarification. I had posted that I thought it was FUD,
but my language
was _too_ strong. Yeah, that makes sense, but it was presented to me
on such a wide scale,
that it didn't make sense to me.
The key is that random users shouldn't
9 matches
Mail list logo