Date:      Mon, 25 Nov 1996 10:47:58 +0100 (MET)
From:      J Wunsch <j@uriah.heep.sax.de>
To:        ports@freebsd.org
Cc:        hackers@freebsd.org, rhh@ct.picker.com (Randall Hopper)
Subject:   Re: suidperl (v5.003) - Doesn't work, Any Tips?
Message-ID:  <199611250947.KAA16780@uriah.heep.sax.de>
In-Reply-To: <Mutt.19961124183746.rhh@elmer.ct.picker.com> from Randall Hopper at "Nov 24, 96 06:37:46 pm"

As Randall Hopper wrote:

>      I have a really simple setuid script that used to work with the perl
> 5.001 port.  I recently upgraded to 2.2-ALPHA and the 5.003 port, and it
> stopped working:
> 
>      #!/usr/local/bin/suidperl -w
> 
>      $ENV{'PATH'} = '/bin:/usr/bin:/usr/sbin:/sbin';
>      exec( "/sbin/mount /zip" );
> 
> It just dumps out without any errors at all.

This looks as if somebody stupidly assumed the Perl gods are DingTRT.
They aren't.  The entire suidperl patches for BSD they've been
emitting don't work.  The only thing that works is dropping support
for Posix saved IDs (which was the source of the known suidperl evil
in the first place), and use a similar configuration as the Perl4 in
the base code uses.  /usr/bin/suidperl _does_ work, and it's believed
to not have the recent security hole.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)


