Re: Secuity hole with perl (suidperl) and nosuid mounts on Linux

From: Ollivier Robert (robertoat_private)
Date: Mon Jan 18 1999 - 02:13:24 PST

Next message: John Mizzi: "Re: Sendmail 8.8.x/8.9.x bugware"

Previous message: GvS: "Michal's report and sendmail-8.9.2"
Maybe in reply to: Brian McCauley: "Secuity hole with perl (suidperl) and nosuid mounts on Linux"
Next in thread: Jarkko Hietaniemi: "Re: Secuity hole with perl (suidperl) and nosuid mounts on Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

According to Jan B. Koum:
>              nosuid Do not allow set-user-identifier or
>              set-group-identifier bits to take effect.  Note: this option
>              is worthless if a public available suid or sgid wrapper like
>              suidperl(1) is installed on your system.

As I saif to Jan on freebsd-security, I submitted a patch to perl5-porters
before 5.004_04 but it was not included in the mainstream Perl because
1. it was too close to release and 2. it was FreeBSD-specific.

The fix to this bug/feature has been incorporated in FreeBSD's perl5 port
and in the /usr/src/contrib-uted version of Perl since before 2.2.7 so
FreeBSD users neeed not to worry about that.
--
Ollivier ROBERT -=- Eurocontrol EEC/TS -=- Ollivier.Robertat_private
The Postman hits! The Postman hits! You have new mail.

Next message: John Mizzi: "Re: Sendmail 8.8.x/8.9.x bugware"
Previous message: GvS: "Michal's report and sendmail-8.9.2"
Maybe in reply to: Brian McCauley: "Secuity hole with perl (suidperl) and nosuid mounts on Linux"
Next in thread: Jarkko Hietaniemi: "Re: Secuity hole with perl (suidperl) and nosuid mounts on Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:29:07 PDT