Date:      Thu, 4 Jul 2002 15:14:13 +0300
From:      Peter Pentchev <roam@ringlet.net>
To:        Tim Robbins <tjr@FreeBSD.ORG>
Cc:        Akinori MUSHA <knu@iDaemons.org>, audit@FreeBSD.ORG
Subject:   Re: suidperl
Message-ID:  <20020704121413.GB382@straylight.oblivion.bg>
In-Reply-To: <20020704221031.A53275@dilbert.robbins.dropbear.id.au>
References:  <86sn2zpzmp.wl@daemon.musha.org> <20020704221031.A53275@dilbert.robbins.dropbear.id.au>

On Thu, Jul 04, 2002 at 10:10:31PM +1000, Tim Robbins wrote:
> On Thu, Jul 04, 2002 at 07:15:58PM +0900, Akinori MUSHA wrote:
>
> > Index: src/usr.bin/suidperl/Makefile
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> > RCS file: src/usr.bin/suidperl/Makefile
> > diff -N src/usr.bin/suidperl/Makefile
> > --- /dev/null	1 Jan 1970 00:00:00 -0000
> > +++ src/usr.bin/suidperl/Makefile	4 Jul 2002 10:08:12 -0000
> > @@ -0,0 +1,15 @@
> > +# $FreeBSD$
> > +
> > +.PATH:	${.CURDIR}/../perl
> > +
> > +PROG=3D	suidperl
> > +SRCS=3D	perl.c
> > +NOMAN=3D
> > +WARNS?=3D	6
> > +
> > +BINOWN=3D	root
> > +.if defined(ENABLE_SUIDPERL)
> > +BINMODE=3D4555
> > +.endif
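Review bot: In the `.if defined(ENABLE_SUIDPERL)` block only the BINMODE line is conditional, so with the knob unset the Makefile still builds suidperl and installs it owned by root with the default mode. Consider putting the whole build behind the knob, or at least add a comment above the `.if` stating that ENABLE_SUIDPERL is what turns on mode 4555, since a setuid-root interpreter is something an administrator should opt into knowingly. The hunk header announces 15 added lines and 13 are quoted here, so the rest of the file is not covered by this note.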
>
> This is unsafe:
>
> $ ln -s /bin/sh /tmp/perl
> $ env PATH=/tmp:$PATH /usr/bin/perl
> # id
> uid=1001(tim) euid=0(root) gid=1001(tim) groups=1001(tim), 0(wheel)

Are you sure that you do not have suidperl still hardlinked to 'perl',
exactly the hardlink that the first part of knu's patch removes? :)

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If I had finished this sentence,
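
The question raised in this message, whether a setuid binary is still reachable under a second hardlinked name, can be checked mechanically. The sh function below is an added example, not part of the thread or of the patch; the name `setuid_hardlinks` and its output format are assumptions made here.

```shell
#!/bin/sh
# Added example: report setuid files that have more than one hard link,
# together with every name under DIR that shares the inode. A setuid inode
# reachable under an unexpected name (e.g. both "perl" and "suidperl") is
# the condition asked about above.

# setuid_hardlinks DIR
# Prints one line per inode: "inode <n>: <name1> <name2> ..."
# Names outside DIR are not shown; the inode is still reported.
setuid_hardlinks() {
    dir=$1
    # -perm -4000: setuid bit set; -links +1: inode has more than one name
    find "$dir" -xdev -type f -perm -4000 -links +1 -exec ls -di {} + 2>/dev/null |
        awk '{print $1}' | sort -un |
    while IFS= read -r inum; do
        # Collect every path in the tree that refers to this inode
        names=$(find "$dir" -xdev -type f -inum "$inum" 2>/dev/null |
                sort | tr '\n' ' ')
        printf 'inode %s: %s\n' "$inum" "${names% }"
    done
}

# Stand-alone use: sh script.sh /usr/bin
if [ "$#" -gt 0 ]; then
    setuid_hardlinks "$1"
fi
```

Because the mode bits belong to the inode, every name listed on one line carries the setuid bit, whichever name was used when it was set.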
