Date: Fri, 11 Aug 2000 13:35:19 -0600
From: Warner Losh <imp@village.org>
To: Christopher Masto <chris@netmonger.net>
Cc: "Chris D. Faulhaber" <jedgar@fxp.org>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Message-ID: <200008111935.NAA36773@harmony.village.org>
In-Reply-To: Your message of "Fri, 11 Aug 2000 15:23:18 EDT." <20000811152305.C12290@netmonger.net>
References: <20000811152305.C12290@netmonger.net> <20000811144136.A12290@netmonger.net> <20000811141800.A14610@netmonger.net> <Pine.BSF.4.21.0008111426270.98390-100000@pawn.primelocation.net> <20000811144136.A12290@netmonger.net> <200008111857.MAA36439@harmony.village.org>

In message <20000811152305.C12290@netmonger.net> Christopher Masto writes:
: Why not turn off setuid entirely by default?  In fact, compile setuid
: out of the kernel, and require people to install the kernel source and
: build a custom kernel before setuid works at all.  That would make
: FreeBSD much more secure, which is of course more important than
: being useful.

Because setuid is and can be made to be secure.

: In other words, what's so special about interpreted programs (written
: in a language with a special setuid safety mode) that we should
: not allow them to be setuid, but still allow it for compiled programs?

The interpreter is known to have bugs.

: There's nothing in the base system that requires ssh.  There's nothing
: in the base system that requires cc.  There's nothing in the base
: system that requires uucp, lpr, cal, or fpr.  If the content of the
: base system was truly determined by its relationship to other parts of
: the base system, we wouldn't _have_ a base system.

cc is required to build the system, which makes it a requirement.

: The question is not whether some other piece of FreeBSD requires it -
: it's whether the _users_ require it.

That's true.

: > It is a huge piece of software.  Sure, the fix came quickly and
: > didn't impact us this time, but what other bugs are there in this
: > huge piece of code that will bite us in the future?
:
: The same could be said of /kernel, but I wouldn't suggest removing it.
:
: > This bug existed despite the multiple reviews of perl.
:
: Because it was really a bug in mail.

No.  The bug was in perl in that it invoked mail w/o sanitizing the
environment.

: If you don't have the time to fix the problem properly, you shouldn't
: fix it.  What you've done is removed a large piece of functionality in
: a way that requires an extreme step (install all source and
: buildworld) for the average user to get it back.

Give me a break.  It isn't that huge a requirement today with the
disks that people have.  However, turning off the suid bit, as others
have suggested, fixes the problem nicely.

: I will now make a constructive suggestion for an alternate "quick
: fix".  Build and install the binary for suidperl, but don't make it
: setuid (or executable), and possibly stick it somewhere under a
: different name.  Then people can at least put it back without having
: to find room for /usr/src and time to run a buildworld.

Finding room for /usr/src is a non-issue.  However, since the fix of
turning off the setuid bit is so easy to make, I'll just do that
instead.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
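
Added example, not part of the original message and not perl's or FreeBSD's code: the failure named in the thread, a privileged program invoking a helper such as mail without sanitizing the environment, is avoided by building the helper's environment from an allowlist instead of passing the caller's through. The function names, the kept-variable list and the sample environment are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Variables the helper may inherit (an assumption for this example).
 * PATH and IFS are never copied; they are always set to fixed values. */
static const char *const KEEP[] = { "TZ", "LANG", NULL };
#define MAX_ENV 8

/* Build a minimal NULL-terminated environment in out[] from `inherited`.
 * Returns the number of entries written (not counting the NULL). */
size_t build_clean_env(char *const inherited[], char *out[MAX_ENV]) {
    size_t n = 0;
    out[n++] = "PATH=/bin:/usr/bin";  /* fixed search path */
    out[n++] = "IFS= \t\n";           /* fixed field separators */
    for (size_t i = 0; inherited && inherited[i]; i++) {
        for (size_t k = 0; KEEP[k] && n < MAX_ENV - 1; k++) {
            size_t len = strlen(KEEP[k]);
            /* exact name match: "LANG=..." passes, "LANGUAGE=..." does not */
            if (strncmp(inherited[i], KEEP[k], len) == 0 && inherited[i][len] == '=')
                out[n++] = inherited[i];
        }
    }
    out[n] = NULL;
    return n;
}

/* Run a helper by absolute path with the scrubbed environment.
 * Returns its exit status, or -1 on any failure. */
int run_helper(const char *path, char *const argv[], char *const inherited[]) {
    char *envp[MAX_ENV];
    int status;
    if (path[0] != '/') return -1;    /* never depend on a PATH lookup */
    build_clean_env(inherited, envp);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execve(path, argv, envp); _exit(127); }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    /* Constructed hostile environment, as the caller of a setuid program could set. */
    char *hostile[] = { "PATH=/tmp/evil", "IFS=/", "LD_PRELOAD=/tmp/x.so", "TZ=UTC", NULL };
    char *clean[MAX_ENV];
    build_clean_env(hostile, clean);
    for (size_t i = 0; clean[i]; i++) printf("%s\n", clean[i]);
    return 0;
}
```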