From owner-freebsd-security  Tue Nov 13  1:24: 4 2001
Delivered-To: freebsd-security@freebsd.org
Received: from hotmail.com (f74.pav1.hotmail.com [64.4.31.74])
	by hub.freebsd.org (Postfix) with ESMTP id 3B95537B405
	for <freebsd-security@freebsd.org>; Tue, 13 Nov 2001 01:23:59 -0800 (PST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 13 Nov 2001 01:23:55 -0800
Received: from 212.30.183.204 by pv1fd.pav1.hotmail.msn.com with HTTP;
	Tue, 13 Nov 2001 09:23:54 GMT
X-Originating-IP: [212.30.183.204]
From: "Magdalinin Kirill" <bsdforumen@hotmail.com>
To: sheldonh@starjuice.net
Cc: freebsd-security@freebsd.org
Subject: Re: nosuid, suidperl
Date: Tue, 13 Nov 2001 12:23:54 +0300
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F747mPotpmQ6PEJvWKt00023b1e@hotmail.com>
X-OriginalArrivalTime: 13 Nov 2001 09:23:55.0157 (UTC) FILETIME=[EA79FC50:01C16C24]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

>The default FreeBSD distribution doesn't offer a setuid root suidperl

does it? Do you know if it comes with apache(suexec)?
The reason I ask is that there is suidperl and the
only distribution that might use it is apache.

Can I safely chmod it to 750?

thanks,

Kirill Magdalinin
bsdforumen@hotmail.com


>From: Sheldon Hearn <sheldonh@starjuice.net>
>To: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>
>CC: freebsd-security@freebsd.org
>Subject: Re: nosuid, suidperl
>Date: Tue, 13 Nov 2001 10:46:51 +0200
>
>On Tue, 13 Nov 2001 09:31:44 +0100, Christoph Kukulies wrote:
>
> > The mount(8) manpage says:
> >
> >              nosuid  Do not allow set-user-identifier or 
>set-group-identifier
> >                      bits to take effect.  Note: this option is 
>worthless if a
> >                      public available suid or sgid wrapper like 
>suidperl(1) is
> >                      installed on your system.
> >
> > In howfar does this compromise security?
>
>The default FreeBSD distribution doesn't offer a setuid root suidperl(1)
>program, but it's worth checking your specific installation with 'ls -l
>/usr/bin/suidperl'.
>
>Ciao,
>Sheldon.
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message