Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 3 Jun 1997 12:56:05 -0500 (CDT)
From:      "Paul T. Root" <proot@horton.iaces.com>
To:        shovey@buffnet.net (Steve)
Cc:        perl@netmug.org, freebsd-questions@FreeBSD.ORG
Subject:   Re: Security problem with FreeBSD 2.2.1 default installation
Message-ID:  <199706031756.MAA18425@horton.iaces.com>
In-Reply-To: <Pine.BSI.3.95.970603081844.22117K-100000@buffnet11.buffnet.net> from Steve at "Jun 3, 97 08:18:55 am"

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
In a previous message, Steve said:
> 
> Delete it - you should not have a need for suidperl

I use suidperl. 

This is a new problem. The CERT advisory came out May 29.
Go ahead and delete it. Also, if you have installed perl5
you'll need to delete the perl5 setuid program in /usr/local/bin.

If you need suidperl, you'll need to get Perl5.004 and compile it
yourself.

Paul.


> On Mon, 2 Jun 1997, Michael Haro wrote:
> > Hi, yesterday one of my users gained root access to my system. 
> > They did it by exploiting a bug in /usr/bin/sperl4*
> > Why does FreeBSD ship with a security hole?  Is this a new one that you didn't
> > know about?  How can I remedy the problem?  Right now, I deleted the file from
> > the server.  I am new to FreeBSD and would like to know how to fix it.
> > 
> > Thanks,
> > Michael perl@netmug.org
> > 
> 
> 
> 


-- 
You cannot achieve the impossible without attempting the absurd.



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?199706031756.MAA18425>