[9102] in bugtraq


Re: Security hole with perl (suidperl) and nosuid mounts on Linux

daemon@ATHENA.MIT.EDU (Ollivier Robert)
Mon Jan 18 12:55:32 1999

Mail-Followup-To: BUGTRAQ@netspace.org
Date: 	Mon, 18 Jan 1999 11:13:24 +0100
Reply-To: Ollivier Robert <roberto@EUROCONTROL.FR>
From: Ollivier Robert <roberto@EUROCONTROL.FR>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <19990115001401.A3226@best.com>; from Jan B. Koum on Fri, Jan 15,
              1999 at 12:14:01AM -0800

According to Jan B. Koum:
>              nosuid Do not allow set-user-identifier or
>              set-group-identifier bits to take effect.  Note: this option
>              is worthless if a public available suid or sgid wrapper like
>              suidperl(1) is installed on your system.

As I said to Jan on freebsd-security, I submitted a patch to perl5-porters
before 5.004_04 but it was not included in the mainstream Perl because
1. it was too close to release and 2. it was FreeBSD-specific.

The fix to this bug/feature has been incorporated in FreeBSD's perl5 port
and in the /usr/src/contrib-uted version of Perl since before 2.2.7 so
FreeBSD users need not worry about that.
--
Ollivier ROBERT -=- Eurocontrol EEC/TS -=- Ollivier.Robert@eurocontrol.fr
The Postman hits! The Postman hits! You have new mail.
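
The check a set-id script wrapper has to make itself, because the kernel's nosuid handling applies to the wrapper binary and not to the script it opens, is sketched below. This is an added example, not the patch mentioned in the message and not code from Perl or FreeBSD; the function names are hypothetical, and it uses the POSIX fstatvfs() interface with ST_NOSUID.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

/* Policy: which set-id bits of `mode` may take effect, given the
 * flags of the filesystem the file lives on. nosuid clears both. */
mode_t honored_setid_bits(mode_t mode, unsigned long mount_flags)
{
    if (mount_flags & ST_NOSUID)
        return 0;
    return mode & (S_ISUID | S_ISGID);
}

/* Query the already-open descriptor, so the file that is checked is
 * the file that will be read (no second path lookup to race against).
 * Returns the honored bits, or -1 if the file cannot be examined. */
int fd_honored_setid_bits(int fd)
{
    struct stat st;
    struct statvfs vfs;

    if (fstat(fd, &st) != 0 || fstatvfs(fd, &vfs) != 0)
        return -1;
    if (!S_ISREG(st.st_mode))   /* only regular files can be set-id scripts */
        return 0;
    return (int)honored_setid_bits(st.st_mode, vfs.f_flag);
}

int main(int argc, char **argv)
{
    if (argc < 2)
        return 2;
    int fd = open(argv[1], O_RDONLY);
    int bits = (fd < 0) ? -1 : fd_honored_setid_bits(fd);
    if (bits < 0) {
        perror(argv[1]);
        if (fd >= 0)
            close(fd);
        return 1;
    }
    printf("%s: honor setuid=%d setgid=%d\n", argv[1],
           !!(bits & S_ISUID), !!(bits & S_ISGID));
    close(fd);
    return 0;
}
```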
