Date:      Fri, 11 Aug 2000 16:32:04 -0400
From:      Christopher Masto <chris@netmonger.net>
To:        Neil Blakey-Milner <nbm@mithrandr.moria.org>
Cc:        Marcel Moolenaar <marcel@cup.hp.com>, Warner Losh <imp@village.org>, "Chris D. Faulhaber" <jedgar@fxp.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/gnu/usr.bin/perl Makefile
Message-ID:  <20000811163154.E12290@netmonger.net>
In-Reply-To: <20000811215224.B57942@mithrandr.moria.org>; from nbm@mithrandr.moria.org on Fri, Aug 11, 2000 at 09:52:24PM +0200
References:  <200008111935.NAA36773@harmony.village.org> <20000811152305.C12290@netmonger.net> <20000811144136.A12290@netmonger.net> <20000811141800.A14610@netmonger.net> <Pine.BSF.4.21.0008111426270.98390-100000@pawn.primelocation.net> <20000811144136.A12290@netmonger.net> <200008111857.MAA36439@harmony.village.org> <200008111940.NAA44776@harmony.village.org> <399458F3.15AC1DE@cup.hp.com> <20000811215224.B57942@mithrandr.moria.org>

On Fri, Aug 11, 2000 at 09:52:24PM +0200, Neil Blakey-Milner wrote:
> On Fri 2000-08-11 (12:50), Marcel Moolenaar wrote:
> > I opt for a wrapper that, if sperl is "disabled", fails with an error
> > explaining why sperl won't work as expected. Installing sperl without
> > the expected mods is against POLA.
> 
> If it is documented, you needn't be astonished.  Also, I imagine that we
> can make suidperl a wrapper which explains the problem, and _also_
> provide it without setuid privilege (or just build it into suidperl, but
> that'd mean getting dirty with the contrib code).

It "sorta kinda" almost does that now.

chris@lion-around:/tmp$ cat testsuid.pl 
#!/usr/bin/perl

print "$< $>\n";
chris@lion-around:/tmp$ ls -l =suidperl              
-r-x--x--x  3 root  wheel  58312 Jul 16 17:28 /usr/bin/suidperl*
chris@lion-around:/tmp$ ./testsuid.pl                
Can't do setuid

Which is sort of documented in perldiag..

       Can't do setuid
           (F) This typically means that ordinary perl tried to
           exec suidperl to do setuid emulation, but couldn't
           exec it.  It looks for a name of the form sperl5.000
           in the same directory that the perl executable resides
           under the name perl5.000, typically /usr/local/bin on
           Unix machines.  If the file is there, check the exe-
           cute permissions.  If it isn't, ask your sysadmin why
           he and/or she removed it.

Perhaps we could get the Perl dudes to improve the error message by
noticing that it did find a non-setuid suidperl and being a little
more verbose about it.  I think they'd definitely go for that,
particularly since we're not the only OS that will ship with suidperl
set up this way.

On the other hand, "[PROPOSAL] let us bury suidperl" is a current
thread on p5p.
-- 
Christopher Masto         Senior Network Monkey      NetMonger Communications
chris@netmonger.net        info@netmonger.net        http://www.netmonger.net

Free yourself, free your machine, free the daemon -- http://www.freebsd.org/
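
The check the message proposes (telling a suidperl that is installed without the setuid bit apart from one that is missing or not executable), sketched as a stand-alone shell script. This is an added example, not part of the original message and not Perl's own code; the function names, state words and message wording are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: explain *why* setuid script emulation is unavailable,
# instead of the bare "Can't do setuid".
# suidperl_state / explain_suidperl and the message texts are hypothetical.

# Print one state word for the helper binary at $1:
#   missing    no such file
#   not-exec   file exists, but the caller may not execute it
#   no-setuid  executable, setuid bit clear (the case shown in the message)
#   setuid     executable with the setuid bit set
suidperl_state() {
    helper=$1
    if [ ! -f "$helper" ]; then
        echo missing
    elif [ ! -x "$helper" ]; then
        echo not-exec
    elif [ ! -u "$helper" ]; then
        echo no-setuid
    else
        echo setuid
    fi
}

# Turn the state into a diagnostic an administrator can act on.
explain_suidperl() {
    helper=$1
    case $(suidperl_state "$helper") in
        missing)
            echo "Can't do setuid: $helper not found" ;;
        not-exec)
            echo "Can't do setuid: $helper exists but you may not execute it" ;;
        no-setuid)
            echo "Can't do setuid: $helper is installed without the setuid bit; setuid scripts are disabled here" ;;
        setuid)
            echo "$helper is setuid: setuid script emulation is enabled" ;;
    esac
}

# Usage: sh check-suidperl.sh /usr/bin/suidperl
if [ $# -gt 0 ]; then
    explain_suidperl "$1"
fi
```

Run against the binary from the session above (mode -r-x--x--x), this reports the "installed without the setuid bit" case; an audit that expects suidperl to stay disabled can treat any `setuid` result as a finding.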

