[16130] in bugtraq


Re: sperl 5.00503 (and newer ;) exploit

daemon@ATHENA.MIT.EDU (Paul Szabo)
Tue Aug 8 03:32:10 2000

Message-Id:  <200008072226.IAA10813@milan.maths.usyd.edu.au>
Date:         Tue, 8 Aug 2000 08:26:27 +1000
Reply-To: Paul Szabo <psz@MATHS.USYD.EDU.AU>
From: Paul Szabo <psz@MATHS.USYD.EDU.AU>
To: BUGTRAQ@SECURITYFOCUS.COM

There have been some source patches posted. But what if you are too lazy
(or busy) to re-build perl (or the person who built it is on holidays)?
Use a binary editor to patch the suidperl binary, something like:

  cd /usr/local/bin
  cp -i suidperl suidperl.ORIG
  perl -pe 's/mail root/NOmailZZZ/' < suidperl.ORIG > suidperl
  chmod 4711 suidperl

(Your file may be named sperl or sperl5.6.0 or whatever, and permissions or
ownership may vary. Beware.)


Looking for further problems, I checked 'strings suidperl' and it shows
(besides the mail thing, and lots of irrelevant stuff):

/usr/bin/csh

/usr/bin/sed
-e '1,/^#/d

/bin/sh

Are these dangerous? Where (why) are they used?

Paul Szabo - psz@maths.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia
