Quoting David Eisenstein <deisenst@xxxxxxx>: > Hey, Marc, Pekka & everyone, > > Do you think if we reissued this under the new bug number > (RH Bugzilla # 152794), it might see some action? It took me > awhile looking through my mail archives to find this test up- > date notification. There are two problems with this one. First, it isn't a bug in the default install, so it doesn't affect anyone unless they have modified things. Second, not very many people use it, since most businesses/schools/etc. don't use pppoe. > It may be that simply no one uses this package? I know I don't > and wouldn't know how to test it. -David If I understand it correctly, to test it you would need to change it to be suid which it normally isn't, and then try to exploit it (to make sure it isn't still vulnerable) and make sure it still works (actually still does pppoe). If this is correct, then it isn't a real big security issue, since making an non-suid program suid is a known security issue in itself, and anyone doing that should take responsibility for any problems that arise from it. If people want it released, we can just test the installation/updating of it, not the functionality of it or the exploits, and let it go at that. I'd prefer it was tested for functionality, but sometimes that just isn't going to happen, and this may be one of those times. But anyone can test that it installs without problems, so we should at least do that much. -- Eric Rostetter -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
