From owner-cvs-all Fri Aug 11 14:20:10 2000 Delivered-To: cvs-all@freebsd.org Received: from netplex.com.au (adsl-63-207-30-186.dsl.snfc21.pacbell.net [63.207.30.186]) by hub.freebsd.org (Postfix) with ESMTP id EA85437B5B1; Fri, 11 Aug 2000 14:20:03 -0700 (PDT) (envelope-from peter@netplex.com.au) Received: from netplex.com.au (peter@localhost [127.0.0.1]) by netplex.com.au (8.9.3/8.9.3) with ESMTP id OAA92620; Fri, 11 Aug 2000 14:19:44 -0700 (PDT) (envelope-from peter@netplex.com.au) Message-Id: <200008112119.OAA92620@netplex.com.au> X-Mailer: exmh version 2.1.1 10/15/1999 To: Neil Blakey-Milner Cc: Warner Losh , Christopher Masto , "Chris D. Faulhaber" , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile In-Reply-To: <20000811231343.A58966@mithrandr.moria.org> Date: Fri, 11 Aug 2000 14:19:43 -0700 From: Peter Wemm Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Neil Blakey-Milner wrote: > On Fri 2000-08-11 (14:03), Peter Wemm wrote: > > Actually.. How does this sound: > > > > cat /usr/bin/suidperl > > #! /bin/sh > > echo "suidperl is not installed by default. blah blah danger etc. try:" > > echo "cp /usr/bin/suidperl.real /usr/bin/suidperl" > > echo "chmod 6111 /usr/bin/suidperl" > > exit 1 > > > > and install suidperl as /usr/bin/suidperl.real with mode 444. Only install > > the suidperl wrapper into /usr/bin if it is not already there. That > > stops POLA by preventing blowing away a real /usr/bin/suidperl. > > > > If ENABLE_SUIDPERL is active, then unconditionally install suidperl in > > /usr/bin/suidperl with the correct modes. > > #!/bin/sh > if [ -u /usr/libexec/suidperl ]; then > exec /usr/libexec/suidperl > fi > > echo "suidperl is not installed with suid privilege by default" > echo "If you know what you're doing, type chmod 4755 /usr/libexec/suidperl" > exit 1 That will not fly - perl's internal sanity checks will catch that. Cheers, -Peter -- Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message