Date:      Fri, 11 Aug 2000 14:26:30 -0700
From:      Marcel Moolenaar <marcel@cup.hp.com>
To:        arch@FreeBSD.ORG
Subject:   Re: cvs commit: src/gnu/usr.bin/perl Makefile
Message-ID:  <39946F86.62F0B165@cup.hp.com>
References:  <399458F3.15AC1DE@cup.hp.com>  <200008111935.NAA36773@harmony.village.org> <20000811152305.C12290@netmonger.net> <20000811144136.A12290@netmonger.net> <20000811141800.A14610@netmonger.net> <Pine.BSF.4.21.0008111426270.98390-100000@pawn.primelocation.net> <20000811144136.A12290@netmonger.net> <200008111857.MAA36439@harmony.village.org> <200008111940.NAA44776@harmony.village.org> <200008111955.NAA68299@harmony.village.org>

Warner Losh wrote:
> 
> [[ I'm moving this to arch since it is becoming more involved than I
>    thought initially -- imp ]]

[committers removed from CC]

> In message <399458F3.15AC1DE@cup.hp.com> Marcel Moolenaar writes:
> : I opt for a wrapper that, if sperl is "disabled", fails with an error
> : explaining why sperl won't work as expected. Installing sperl without
> : the expected mods is against POLA.
> 
> How would the wrapper determine that sperl is disabled?  How could the
> wrapper ensure that the shadow copy of sperl is secure against direct
> invocation?  Suggestions?

As mentioned in another mail, the wrapper could look at the mods to
determine that. I think it should *not* run the sperl if the mods don't
have suid. Instead, a message could be given that explains why sperl is
not being run. That message could be as verbose as we think is
reasonable to explain to the unexpected user why his script isn't
running as he/she might be used to.

That way we have wrapped the sperl bug of not having the suid bit set
into a package that, as a whole, isn't really a bug anymore and can only
be slightly inconvenient to those users that have suid perl scripts.

-- 
Marcel Moolenaar
  mail: marcel@cup.hp.com / marcel@FreeBSD.org
  tel:  (408) 447-4222
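
The wrapper behaviour proposed in this message, sketched in C as an added example (not code from the e-mail or from FreeBSD): it looks at the mode bits of the real sperl binary and, when the setuid bit is missing, prints an explanation instead of running it. `SPERL_PATH`, the function names and the message wording are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define SPERL_PATH "/usr/libexec/sperl-real" /* hypothetical location */

enum sperl_state { SPERL_OK, SPERL_DISABLED, SPERL_NOT_REGULAR };

/* Classify the target from its mode bits alone: "disabled" means the
 * setuid bit has been cleared on an otherwise regular file. */
enum sperl_state sperl_state_from_mode(mode_t mode)
{
    if (!S_ISREG(mode))
        return SPERL_NOT_REGULAR;
    return (mode & S_ISUID) ? SPERL_OK : SPERL_DISABLED;
}

/* stat() the target and classify it; returns -1 if stat() fails. */
int sperl_check(const char *path, enum sperl_state *out)
{
    struct stat sb;

    if (stat(path, &sb) == -1)
        return -1;
    *out = sperl_state_from_mode(sb.st_mode);
    return 0;
}

int main(int argc, char *argv[])
{
    enum sperl_state st;

    (void)argc;
    if (sperl_check(SPERL_PATH, &st) == -1) {
        fprintf(stderr, "sperl: %s: %s\n", SPERL_PATH, strerror(errno));
        return 1;
    }
    if (st != SPERL_OK) { /* refuse, and tell the user why */
        fprintf(stderr, "sperl: %s is installed without the setuid bit, so\n"
            "setuid perl scripts would not run with the privileges you\n"
            "expect. Refusing to run it.\n", SPERL_PATH);
        return 1;
    }
    execv(SPERL_PATH, argv); /* returns only on failure */
    fprintf(stderr, "sperl: exec %s: %s\n", SPERL_PATH, strerror(errno));
    return 1;
}
```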
