Date: Tue, 26 Sep 2006 08:03:30 +0700 (ICT) From: Olivier Nicole <on@cs.ait.ac.th> To: bcook@poklib.org Cc: freebsd-questions@freebsd.org Subject: Re: When to use SUID Perl (5.8.x)? Message-ID: <200609260103.k8Q13Uig084976@banyan.cs.ait.ac.th> In-Reply-To: <4517D1D0.3080703@poklib.org> (bcook@poklib.org) References: <4517D1D0.3080703@poklib.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, > Just wondering what do you need suid perl for? To run a Perl script that needs to get root privileges. > it is a security risk having it? It is always a risk to have a powerfull tool installed when you don't need it. If a security bug is discovered in Perl, one could be able to become root without you wanting it. > Is the risk that if the webserver/webserver-app gets comprimised the > user could use perl? It depends on whatyou are running on your server. If you don't need setuid perl, do not install it :)) Olivier
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200609260103.k8Q13Uig084976>