Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 3 Jun 1997 12:56:05 -0500 (CDT)
From:      "Paul T. Root" <>
To: (Steve)
Cc:, freebsd-questions@FreeBSD.ORG
Subject:   Re: Security problem with FreeBSD 2.2.1 default installation
Message-ID:  <>
In-Reply-To: <> from Steve at "Jun 3, 97 08:18:55 am"

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
In a previous message, Steve said:
> Delete it - you should not have a need for suidperl

I use suidperl. 

This is a new problem. The CERT advisory came out May 29.
Go ahead and delete it. Also, if you have installed perl5
you'll need to delete the perl5 setuid program in /usr/local/bin.

If you need suidperl, you'll need to get Perl5.004 and compile it


> On Mon, 2 Jun 1997, Michael Haro wrote:
> > Hi, yesterday one of my users gained root access to my system. 
> > They did it by exploiting a bug in /usr/bin/sperl4*
> > Why does FreeBSD ship with a security hole?  Is this a new one that you didn't
> > know about?  How can I remedy the problem?  Right now, I deleted the file from
> > the server.  I am new to FreeBSD and would like to know how to fix it.
> > 
> > Thanks,
> > Michael
> > 

You cannot achieve the impossible without attempting the absurd.

Want to link to this message? Use this URL: <>