12 Dec
2004
12 Dec
'04
11:29
Carlos E. R. wrote:
Er... I agree that installing all those things is a nuissance, specially about tabooed packages; but you don't explain why all that it is a security risk.
You could argue that /usr/sbin/isdnctrl is SUID root, so this is a potential security hole (see [1]). My favorite quote from [1]: "The i4l package is installed by default and also vulnerable if you do not have a ISDN setup." I think this is what the OP meant. When I kicked the ISDN packages off my system I also wondered why wine needs i4l and why i4l was even installed on a system without ISDN hardware. IMHO you shouldn't install services/SUID binaries that are _obviously_ unnecessary. Regards nordi [1] http://lwn.net/Alerts/7273/