[856] in linux-security and linux-alert archive
Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability in suidperl (fwd)
daemon@ATHENA.MIT.EDU (Alan Cox)
Thu Jun 27 11:22:23 1996
From: iialan@iifeak.swan.ac.uk (Alan Cox)
To: jlewis@inorganic5.fdt.net (Jon Lewis)
Date: Thu, 27 Jun 1996 10:50:24 +0100 (BST)
Cc: linux-security@tarsier.cv.nrao.edu, linux-alert@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.91.960626155616.15516p-100000@inorganic5.chem.ufl.edu> from "Jon Lewis" at Jun 26, 96 04:10:24 pm
> Has anyone verified yet whether this is a problem on Linux boxes across
> the world?
Yes it is. And when you fix it watch that you get both sperl5.001 and suidperl
> Linux
> =====
> Linux 1.2 and 2.0 support saved set-user-id.
>
> Most distributions of Linux provide suidperl and sperl.
>
> The fixsperl script works on linux, and it is recommended that this
> fix be applied until a new Perl release is made.
>