Message-Id: <200008112058.NAA92441@netplex.com.au>
To: dima@rdy.com
Cc: Christopher Masto, "Chris D. Faulhaber", Warner Losh, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
In-Reply-To: <200008112020.NAA18859@sivka.rdy.com>
Date: Fri, 11 Aug 2000 13:58:24 -0700
From: Peter Wemm

Dima Ruban wrote:
> Christopher Masto writes:
> > On Fri, Aug 11, 2000 at 02:29:37PM -0400, Chris D. Faulhaber wrote:
> > > > > Don't build suidperl by default. Make users specifically enable it s
> > > > > building.
> > > >
> > > > Umm.. isn't that a bit of a radical change? Any reason for it?
> > >
> > > Any reason against it? Given the security hole found under Linux and
> > > potential problems of Yet Another Suid Binary, it seems a good
> > > idea. Also, see the recent discussions on FreeBSD-security.
> >
> > The reason against it is that it's a standard part of Perl, and a very
> > useful one. Without it, those who install from binary, or don't know
> > to set this option, will not be able to run setuid Perl programs.
> > Since Perl has some features specifically designed to aid in writing
> > secure setuid programs, removing suidperl could actually cause a
> > revenge effect and end up resulting in _more_ security holes.
>
> How do you see that resulting in _more_ security holes?
> If /usr/bin/suidperl doesn't exist and some program refers to it, it will
> give you "command not found" (or similar) message.

Because people start writing setuid "#! /bin/suidsh -p" scripts instead.
And that is outright suicidal as it is guaranteed exploitable. It is also
the very reason that suidperl exists.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5
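
One way to audit a system for the situation this message warns about, as an added example that is not part of the original thread or of FreeBSD: list set-id files that are "#!" scripts and flag those run by a shell. The function names and the list of shell names (including the suidsh named in the message) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): audit for set-id scripts.

# Print "<interpreter><TAB><path>" for each regular file under directory $1
# that has the setuid or setgid bit set and begins with "#!".
# Paths containing newlines are not handled.
find_setid_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r path; do
        # Check the two-byte magic first so binaries are never parsed as text.
        magic=$(dd if="$path" bs=2 count=1 2>/dev/null | tr -d '\000')
        [ "$magic" = '#!' ] || continue
        line=$(head -n 1 "$path" | sed 's/^#![[:space:]]*//')
        read -r interp arg _ <<EOF
$line
EOF
        # "#!/usr/bin/env sh" style: the real interpreter is the next word.
        [ "${interp##*/}" = env ] && interp=$arg
        printf '%s\t%s\n' "$interp" "$path"
    done
}

# Print only the paths whose interpreter is a shell. The name list is an
# assumption; "suidsh" is the interpreter named in the message above.
setid_shell_scripts() {
    find_setid_scripts "$1" |
    while IFS=$(printf '\t') read -r interp path; do
        case ${interp##*/} in
            sh|bash|dash|ash|ksh|zsh|csh|tcsh|suidsh) printf '%s\n' "$path" ;;
        esac
    done
}

# Run as a script with a directory argument to print the shell-script findings.
if [ -n "${1:-}" ]; then
    setid_shell_scripts "$1"
fi
```
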