From owner-freebsd-questions  Thu Jan  3 11:27:40 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from ptavv.es.net (ptavv.es.net [198.128.4.29])
	by hub.freebsd.org (Postfix) with ESMTP id 6452337B419
	for <freebsd-questions@FreeBSD.ORG>; Thu,  3 Jan 2002 11:27:36 -0800 (PST)
Received: from ptavv.es.net (localhost [127.0.0.1])
	by ptavv.es.net (8.10.1/8.10.1) with ESMTP id g03JQFd04599;
	Thu, 3 Jan 2002 11:26:15 -0800 (PST)
Message-Id: <200201031926.g03JQFd04599@ptavv.es.net>
To: Devdas Bhagat <devdas@worldgatein.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Setuid. 
In-reply-to: Your message of "Fri, 04 Jan 2002 01:49:21 +0530."
             <20020104014921.G3077@rivendell.worldgatein.net> 
Date: Thu, 03 Jan 2002 11:26:14 -0800
From: "Kevin Oberman" <oberman@es.net>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

> Date: Fri, 4 Jan 2002 01:49:21 +0530
> From: Devdas Bhagat <devdas@worldgatein.net>
> Sender: owner-freebsd-questions@FreeBSD.ORG
> 
> On 03/01/02 09:32 -0800, Milo Hyson wrote:
> <snip>
> > Actually, I would like to know a decent solution to this issue. I often need 
> > SUID Perl scripts myself, and I don't want to have to disable security 
> > features or resort to a C wrapper.
> Linux has this concept called suidperl, which is supposed to be enabled
> for suid scripts. Is there an equivalent in FreeBSD?

Actually, suidperl is an optional part of Perl and not Linux
related. Linux uses suidperl while most (all?) BSDs disable this
capability by default due to security concerns. No reason you can't
enable it, but be aware that you may easily open security holes this
way and be VERY careful with it.

To enable suidperl, add the line:
ENABLE_SUIDPERL=       true
to /etc/make.conf. If your system lacks this file, create it with the
single line. Then re-build your system. It will build with suidperl.

(Why do I suspect a query about re-building will be popping up soon?)

R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net			Phone: +1 510 486-8634

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message