Date: Fri, 5 Dec 1997 10:03:01 -0500 (EST)
From: Charles Owens <owensc@enc.edu>
To: Dan Jacobowitz <drow@chwest.org>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: Perl and setuid scripts
Message-ID: <Pine.BSF.3.95q.971205081925.3274A-100000@itsdsv2.enc.edu>
In-Reply-To: <Pine.BSF.3.96.971204225822.5435A-100000@mars.wexpress.com>

On Thu, 4 Dec 1997, Dan Jacobowitz wrote:

>
> In the perl documentation it constantly refers to how certain BSDs set
> shell scripts to non-suid due to insecurity. Having browsed the relevant
> (I think) portions of kern_exec.c and imgact_shell.c, I do not think
> FreeBSD is one of them.
>
> Right?
>
> That would go along with the fact that perl is apparently built without
> the suid emulation (-DDOSUID).
>
> BUT - as soon as I made world, overwriting my former perl - first a 4.0
> which came with FreeBSD 2.2.2 however that was compiled, and then a 5.004
> built with -DDOSUID against the advice of the Configure program's freebsd
> default - with the 2.2.5 copy of 4.0 built without -DDOSUID, suid perl
> scripts completely stopped working.
>
> What the heck am I missing here? The script is definitely NOT being run
> setuid ($< == $> == my-real-id-not-the-scripts-suid). Is something
> broken, or am I just blind and confused?

I've had to mess with this a few times myself, with varying degrees of
annoyance.

Just this week, on a 2.2-970618-RELENG system I noticed that suid perl
scripts were not working. I was using Perl 5.003 from the 2.2 packages.
To get past this I built Perl 5.004 in the ports tree. Just did a plain
make;make install. Suid scripts are working fine again.

I seem to recall that 4.0 had some security issues, so suid scripts are
now deliberately not supported for it.

Did you build your 5.004 manually or in the ports tree? The port includes
a number of setuid-related patches that I'm guessing are needed for the
feature to work.

Good luck,

---
-------------------------------------------------------------------------
Charles N. Owens
Email: owensc@enc.edu
http://www.enc.edu/~owensc
Network & Systems Administrator
Information Technology Services
Eastern Nazarene College

"Outside of a dog, a book is a man's best friend.
Inside of a dog it's too dark to read." - Groucho Marx
-------------------------------------------------------------------------