Date: Fri, 11 Aug 2000 23:09:10 +0200
From: Neil Blakey-Milner
To: Dima Ruban
Cc: Peter Wemm, Christopher Masto, "Chris D. Faulhaber", Warner Losh, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Message-ID: <20000811230910.A58926@mithrandr.moria.org>
References: <200008112058.NAA92441@netplex.com.au> <200008112102.OAA19233@sivka.rdy.com>
In-Reply-To: <200008112102.OAA19233@sivka.rdy.com>; from dima@rdy.com on Fri, Aug 11, 2000 at 02:02:13PM -0700

On Fri 2000-08-11 (14:02), Dima Ruban wrote:
> > > How do you see that resulting in _more_ security holes?
> > > If /usr/bin/suidperl doesn't exist and some program refers to it, it will
> > > give you "command not found" (or similar) message.
> >
> > Because people start writing setuid "#! /bin/suidsh -p" scripts instead.
> > And that is outright suicidal as it is guaranteed exploitable. It is also
> > the very reason that suidperl exists.
>
> Following that logic people will nuke /usr/bin/su and replace it with suid to
> root shell. People don't do it. They aren't _that_ stupid.

If you didn't provide su, they would. That's the point.

Neil
--
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org