From owner-freebsd-security Thu Aug 10 13:52:25 2000
Delivered-To: freebsd-security@freebsd.org
Received: from kronus.com.br (dial-bhn-C8C0B41B.bhz.zaz.com.br [200.192.180.27])
	by hub.freebsd.org (Postfix) with ESMTP id A482837B616
	for ; Thu, 10 Aug 2000 13:52:20 -0700 (PDT)
	(envelope-from cseg@kronus.com.br)
Received: by torment.secfreak.com (Postfix, from userid 1000)
	id 6F24A47B67; Thu, 10 Aug 2000 17:56:30 -0300 (EST)
Date: Thu, 10 Aug 2000 17:56:30 -0300
From: Fred Souza
To: "Vladimir Mencl, MK, susSED"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: suidperl exploit
Message-ID: <20000810175630.A4754@torment.secfreak.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: Your message of "Thu, Aug 10 2000 19:29:31 +0200"
X-Note: \x70\x73\x79\x63\x68
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On FreeBSD, I've not observed the reporting email even after a fair
> amount of time devoted to cause the race-condition.
>
> Either because I've not succeeded in causing it, or because suidperl
> avoids reporting the issue.
>
> I've not found any security advisory regarding this - can anybody
> comment on this? Has there been a silent fix to this?

This is due to the fact that "/bin/mail" is hard-coded in Perl, and
FreeBSD uses /usr/bin/mail. The only way for it to work would be
creating a link /bin/mail -> /usr/bin/mail, which would be extremely
pointless and the admin who did that should be really hurt. :)

The other way for it would be someone else creating that link, which
would imply that the system has already been compromised -- Therefore,
why would the intruder want to "recompromise" the system using that
exploit? The only "reason" I can think of, is to "keep a way back", if
he/she gets caught by the sysadm.

-- 
"The most difficult thing in the world is to know how to do a thing and
to watch someone else do it wrong without comment."
		-- Theodore H. White

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
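
An audit of the two conditions the reply above describes (a /bin/mail path existing, and a set-uid perl binary being installed), as an added example that is not part of the original message. The optional root argument, the function names, the searched directories and the OK/EXPOSED labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# The first argument is a hypothetical root prefix (e.g. a mounted image);
# empty means the live system.

# Report whether ROOT/bin/mail exists: "absent", "file", or "symlink:<target>".
# A dangling symlink still counts, since someone created the path.
mail_path_state() {
    p="${1:-}/bin/mail"
    if [ -L "$p" ]; then
        echo "symlink:$(readlink "$p")"
    elif [ -e "$p" ]; then
        echo "file"
    else
        echo "absent"
    fi
}

# List set-uid regular files with "perl" in the name under the usual bin dirs
# (directory list is an assumption; extend it for your layout).
setuid_perl_binaries() {
    for d in bin usr/bin usr/local/bin; do
        if [ -d "${1:-}/$d" ]; then
            find "${1:-}/$d" -maxdepth 1 -type f -perm -4000 -name '*perl*' 2>/dev/null || true
        fi
    done
    return 0
}

# "EXPOSED" only when both conditions hold at once; otherwise "OK".
audit() {
    state=$(mail_path_state "${1:-}")
    bins=$(setuid_perl_binaries "${1:-}")
    if [ "$state" != "absent" ] && [ -n "$bins" ]; then
        echo "EXPOSED"
    else
        echo "OK"
    fi
}

echo "/bin/mail: $(mail_path_state "${1:-}")"
setuid_perl_binaries "${1:-}"
audit "${1:-}"
```

An unexpected "symlink:" result for /bin/mail on a host where nobody created it deliberately is worth investigating on its own, since the reply treats that link as a sign of prior compromise.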