Date: Tue, 20 Aug 2002 14:26:10 +0100
From: Matthew Seaman
To: "Oles' Hnatkevych"
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: sperl5
Message-ID: <20020820132610.GC16083@happy-idiot-talk.infracaninophi>
In-Reply-To: <18314669303.20020820130631@fc.kiev.ua>

On Tue, Aug 20, 2002 at 01:06:31PM +0300, Oles' Hnatkevych wrote:
> Why /usr/bin/sperl5 still has r-x--x--x instead
> of r-s--x--x - just in case it has undisclosed bugs
> or still exist known exploits for the sperl5?
>
> If I change it back to 4511 - what should I be afraid of?

That's just reasonable paranoia. After all, perl is a general purpose
language that lets you do anything you can think of, usually in more
than one way -- and that includes getting a root shell from sperl.
Granted that there are Taint checks and other mechanisms built into
sperl, which should give you some protection, but it's still way too
much exposure for the root account. Don't 'chmod u+s sperl' unless
you have a very good reason to do so.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks
Savill Way
Marlow
Bucks., SL7 1TH UK
Tel: +44 1628 476614
Fax: +44 0870 0522645
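
An added example, not part of the original message or of FreeBSD: a small POSIX sh check in the spirit of the advice above, which reports setuid files that are not on an explicit allowlist. The function name audit_setuid, its allowlist arguments, and the scratch files in the demo are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: flag setuid files that are not on an explicit allowlist.
# audit_setuid is a hypothetical helper, not a FreeBSD tool.

# Usage: audit_setuid DIR [ALLOWED_BASENAME...]
# Prints "<mode> <owner> <path>" for each setuid regular file directly in DIR
# whose basename is not allowed. Returns 1 if anything was reported, else 0.
audit_setuid() {
    dir=$1
    shift
    found=0
    for f in "$dir"/*; do
        # test -u: file exists and has the set-user-ID bit (the 4 in 4511)
        if [ ! -f "$f" ] || [ ! -u "$f" ]; then
            continue
        fi
        name=${f##*/}
        allowed=no
        for a in "$@"; do
            if [ "$a" = "$name" ]; then allowed=yes; fi
        done
        if [ "$allowed" = no ]; then
            # ls -ld shows the symbolic mode (e.g. -r-s--x--x) and the owner
            ls -ld "$f" | awk -v p="$f" '{ print $1, $3, p }'
            found=1
        fi
    done
    return "$found"
}

# Constructed demo: empty files in a scratch directory stand in for binaries.
demo=$(mktemp -d)
: > "$demo/perl";   chmod 0511 "$demo/perl"     # r-x--x--x, no setuid bit
: > "$demo/sperl5"; chmod 4511 "$demo/sperl5"   # r-s--x--x, setuid enabled
: > "$demo/su";     chmod 4555 "$demo/su"       # setuid, but allowlisted below

if audit_setuid "$demo" su; then
    echo "no unexpected setuid files"
else
    echo "review the files listed above"
fi
rm -rf "$demo"
```

In the demo only sperl5 is reported: perl has no setuid bit and su is passed as an allowed name.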