Date: Thu, 4 Jul 2002 15:14:13 +0300 From: Peter Pentchev <roam@ringlet.net> To: Tim Robbins <tjr@FreeBSD.ORG> Cc: Akinori MUSHA <knu@iDaemons.org>, audit@FreeBSD.ORG Subject: Re: suidperl Message-ID: <20020704121413.GB382@straylight.oblivion.bg> In-Reply-To: <20020704221031.A53275@dilbert.robbins.dropbear.id.au> References: <86sn2zpzmp.wl@daemon.musha.org> <20020704221031.A53275@dilbert.robbins.dropbear.id.au>
next in thread | previous in thread | raw e-mail | index | archive | help
--vkogqOf2sHV7VnPd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jul 04, 2002 at 10:10:31PM +1000, Tim Robbins wrote: > On Thu, Jul 04, 2002 at 07:15:58PM +0900, Akinori MUSHA wrote: >=20 > > Index: src/usr.bin/suidperl/Makefile > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > RCS file: src/usr.bin/suidperl/Makefile > > diff -N src/usr.bin/suidperl/Makefile > > --- /dev/null 1 Jan 1970 00:00:00 -0000 > > +++ src/usr.bin/suidperl/Makefile 4 Jul 2002 10:08:12 -0000 > > @@ -0,0 +1,15 @@ > > +# $FreeBSD$ > > + > > +.PATH: ${.CURDIR}/../perl > > + > > +PROG=3D suidperl > > +SRCS=3D perl.c > > +NOMAN=3D > > +WARNS?=3D 6 > > + > > +BINOWN=3D root > > +.if defined(ENABLE_SUIDPERL) > > +BINMODE=3D4555 > > +.endif >=20 > This is unsafe: >=20 > $ ln -s /bin/sh /tmp/perl > $ env PATH=3D/tmp:$PATH /usr/bin/perl > # id > uid=3D1001(tim) euid=3D0(root) gid=3D1001(tim) groups=3D1001(tim), 0(whee= l) Are you sure that you do not have suidperl still hardlinked to 'perl', exactly the hardlink that the first part of knu's patch removes? :) G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If I had finished this sentence, --vkogqOf2sHV7VnPd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE9JDwU7Ri2jRYZRVMRAsXPAKCf2t/KhMx1ksgl3bdDt3frUxOWpQCfZSdl hI4/MWrrRtmDYpS5oCux2Ds= =Gugd -----END PGP SIGNATURE----- --vkogqOf2sHV7VnPd-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020704121413.GB382>