Re: Security hole with perl (suidperl) and nosuid mounts on Linux

From: Jarkko Hietaniemi (jhiat_private)
Date: Mon Jan 18 1999 - 12:06:53 PST


    Ollivier Robert writes:
     > According to Jan B. Koum:
     > >              nosuid Do not allow set-user-identifier or
     > >              set-group-identifier bits to take effect.  Note: this option
     > >              is worthless if a public available suid or sgid wrapper like
     > >              suidperl(1) is installed on your system.
     >
     > As I said to Jan on freebsd-security, I submitted a patch to perl5-porters
     > before 5.004_04 but it was not included in the mainstream Perl because
     > 1. it was too close to release and 2. it was FreeBSD-specific.
     >
     > The fix to this bug/feature has been incorporated in FreeBSD's perl5 port
     > and in the /usr/src/contrib-uted version of Perl since before 2.2.7 so
     > FreeBSD users need not worry about that.
    
    Ditto for NetBSD if one has been using the "packages", and IIRC
    OpenBSD uses FreeBSD ports system, so all the NeoBSDs have been
    relatively safe.  Of course, by the numbers Linux has been a gaping
    hole, then.
    
     > --
     > Ollivier ROBERT -=- Eurocontrol EEC/TS -=- Ollivier.Robertat_private
     > The Postman hits! The Postman hits! You have new mail.
    
    --
    $jhi++; # http://www.iki.fi/jhi/
            # There is this special biologist word we use for 'stable'.
            # It is 'dead'. -- Jack Cohen
    


