Date:      Sat, 12 Jan 2002 20:44:04 +1100
From:      "Tim J. Robbins" <tim@robbins.dropbear.id.au>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: suidperl
Message-ID:  <20020112204404.A455@raven.robbins.dropbear.id.au>
In-Reply-To: <077f01c19b41$7cf205a0$6500a8c0@halenet.com.au>; from timbo@halenet.com.au on Sat, Jan 12, 2002 at 06:16:49PM +1000
References:  <077f01c19b41$7cf205a0$6500a8c0@halenet.com.au>

On Sat, Jan 12, 2002 at 06:16:49PM +1000, list wrote:

> Can anyone tell me what security issues there may be with enabling suidperl
> and what the best way to achieve this would be?

To enable suidperl, you can add "ENABLE_SUIDPERL=true" to /etc/make.conf
(see /etc/defaults/make.conf) and rebuild. chmod u+s /usr/bin/suidperl
will also work, but the suid bit will be dropped next rebuild.

As for potential security issues.. it could expose you to a local root
compromise; it's had problems in the past. The most notable example I
can think of is this one (read the thread):
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=119124+0+archive/2000/freebsd-security/20000813.freebsd-security

It turns out that FreeBSD was not vulnerable to that attack, but it illustrates
that there are risks.


Tim
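
An audit check for the two ways of enabling suidperl mentioned in the message above, added here as an example and not part of the original e-mail. The function names are hypothetical, and the make.conf match assumes the knob appears as an uncommented `ENABLE_SUIDPERL=true` line.

```shell
#!/bin/sh
# Added example: report whether suidperl is setuid on this host and whether
# that state will survive the next rebuild. Paths are parameters so the check
# can be pointed at constructed files as well as the live system.

# has_setuid FILE: succeeds if FILE exists and carries the setuid bit.
has_setuid() {
    [ -u "$1" ]
}

# knob_enabled CONF: succeeds if CONF has an uncommented ENABLE_SUIDPERL=true
# line (assumed form; a line starting with '#' does not count).
knob_enabled() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*ENABLE_SUIDPERL[[:space:]]*=[[:space:]]*true' "$1"
}

# suidperl_state BIN CONF: prints one of
#   persistent  setuid bit set and knob set (rebuilds keep it setuid)
#   transient   setuid bit set by hand, knob unset (next rebuild drops it)
#   pending     knob set, binary not setuid yet (next rebuild makes it setuid)
#   disabled    neither
suidperl_state() {
    bin=$1
    conf=$2
    if has_setuid "$bin"; then
        if knob_enabled "$conf"; then echo persistent; else echo transient; fi
    else
        if knob_enabled "$conf"; then echo pending; else echo disabled; fi
    fi
}

# Stand-alone use: defaults are the paths named in the message.
suidperl_state "${1:-/usr/bin/suidperl}" "${2:-/etc/make.conf}"
```

The check looks only at the setuid bit and the make.conf knob; it does not inspect file ownership or the perl version installed.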
