Re: Fedora Legacy Test Update Notification: rp-pppoe

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Quoting David Eisenstein <deisenst@xxxxxxx>:

> Hey, Marc, Pekka & everyone,
> 
> Do you think if we reissued this under the new bug number
> (RH Bugzilla # 152794), it might see some action?  It took me
> awhile looking through my mail archives to find this test up-
> date notification.

There are two problems with this one.  First, it isn't a bug in
the default install, so it doesn't affect anyone unless they have
modified things.  Second, not very many people use it, since most
businesses/schools/etc. don't use pppoe.

> It may be that simply no one uses this package?  I know I don't
> and wouldn't know how to test it.		-David

If I understand it correctly, to test it you would need to change it
to be suid which it normally isn't, and then try to exploit it (to make
sure it isn't still vulnerable) and make sure it still works (actually
still does pppoe).  If this is correct, then it isn't a real big security
issue, since making an non-suid program suid is a known security issue in
itself, and anyone doing that should take responsibility for any problems
that arise from it.

If people want it released, we can just test the installation/updating of
it, not the functionality of it or the exploits, and let it go at that.
I'd prefer it was tested for functionality, but sometimes that just isn't
going to happen, and this may be one of those times.  But anyone can test
that it installs without problems, so we should at least do that much.

-- 
Eric Rostetter

--

fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux