the /usr/bin/ct command included with at least net-dialup/mgetty-1.1.30-r2 is installed suid root (may include other versions). This command does not appear to actually implement the ct command however, so having this suid root is unnessasary. Reproducible: Always Steps to Reproduce: 1. emerge =net-dialup/mgetty-1.1.30-r2 2. ls -l /usr/bin/ct Actual Results: /usr/bin/ct is installed suid root. Expected Results: Installed with sensable permissions.
the source code of the ct executable is this: #include <stdio.h> #include "mgetty.h" int main _P2((argc, argv), int argc, char ** argv ) { fprintf( stderr, "ct: not yet implemented\n" ); return 1; } evidently, it isn't a security risk. what would be the point of removing suid attribute in this version? it will only make the life harder for the mgetty maintainer when a new version with a brand new ct will come.
reopen bug - time to fix it, along with bug 155670.
Now hopefully I manage to reopen it (sorry for the spam).
Fixed in 1.1.35-r2 - ct is no longer installed.
