From owner-cvs-all Fri Aug 11 14: 4:15 2000 Delivered-To: cvs-all@freebsd.org Received: from sivka.rdy.com (sivka.rdy.com [207.33.166.86]) by hub.freebsd.org (Postfix) with ESMTP id 5718537BCA8; Fri, 11 Aug 2000 14:04:06 -0700 (PDT) (envelope-from dima@sivka.rdy.com) Received: (from dima@localhost) by sivka.rdy.com (8.9.3/8.9.3) id OAA19233; Fri, 11 Aug 2000 14:02:13 -0700 (PDT) (envelope-from dima) Message-Id: <200008112102.OAA19233@sivka.rdy.com> Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile In-Reply-To: <200008112058.NAA92441@netplex.com.au> "from Peter Wemm at Aug 11, 2000 01:58:24 pm" To: Peter Wemm Date: Fri, 11 Aug 2000 14:02:13 -0700 (PDT) Cc: dima@rdy.com, Christopher Masto , "Chris D. Faulhaber" , Warner Losh , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Organization: HackerDome Reply-To: dima@rdy.com From: dima@rdy.com (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL77 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Peter Wemm writes: > > > > How do you see that resulting in _more_ security holes? > > If /usr/bin/suidperl doesn't exist and some program referes to it, it will > > give you "command not found" (or similar) message. > > Because people start writing setuid "#! /bin/suidsh -p" scripts instead. > And that is outright suicidal as it is guaranteed exploitable. It is also > the very reason that suidperl exists. Following that logic people will nuke /usr/bin/su and replace it with suid to root shell. People don't do it. They aren't _that_ stupid. > Cheers, > -Peter > -- > Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au > "All of this is for nothing if we don't go to the stars" - JMS/B5 > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message