From owner-freebsd-security Thu Aug 10 20:31:14 2000
Message-Id: <200008110330.VAA31484@harmony.village.org>
To: "Vladimir Mencl, MK, susSED"
Subject: Re: suidperl exploit
Cc: freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Thu, 10 Aug 2000 19:29:31 +0200."
Date: Thu, 10 Aug 2000 21:30:37 -0600
From: Warner Losh

In message "Vladimir Mencl, MK, susSED" writes:
: I just came over the suidperl + mail vulnerability in Linux, and I was
: wondering whether it would work in FreeBSD.

Nope. We're clean. A fix from the perl folks that disables the code. The
code did /bin/mail, but we don't have that, which is why we're clean.

: I've not found any security advisory regarding this - can anybody
: comment on this? Has there been a silent fix to this?

No fix is needed. You are safe. However, we just committed some code to
the tree that forces users to specifically enable building and installing
suidperl in the future. We know of no exploitable holes in it today, so
why take the risk? It was present for only one utility in the system, and
that was rewritten in 'C'. If you want to be extra careful, you can delete
suidperl w/o harm.

So no advisory is needed. This is a case where we need a non-vulnerability
alert :-). Of course, such an alert is likely to cause more problems than
it would solve....

Warner