Greg Franks <rgfranks@alumni.uwaterloo.ca> writes:
"Greg" == Greg Franks <rgfranks@alumni.uwaterloo.ca> writes:
Greg> Quick question, is there a good reason why suidperl is Greg> setuid root? (Security, probably, but is there a particular Greg> exploit that I should be aware of?)
Greg> -rwxr-xr-x 2 root root 800943 Sep 19 2001 suidperl
Greg> Perl5.6.1, Suse Linux 7.3
Ooops... is there any good reason why suidperl (which is used to execute suid perl scripts is NOT set uid root (ie. mode 04755)?
The perl developers seem to have lost confidence in its security after several bugs -- from the INSTALL file: Because of the buggy history of suidperl, and the difficulty of properly security auditing as large and complex piece of software as Perl, we cannot recommend using suidperl and the feature should be considered deprecated. Instead use for example 'sudo': http://www.courtesan.com/sudo/ [end quote] I use suidperl myself.
participants (1)
-
Mark Gray