Date: Tue, 10 Jun 1997 11:04:17 -0600 From: Warner Losh <imp@village.org> To: Guy Helmer <ghelmer@cs.iastate.edu> Cc: Michael Haro <perl@netmug.org>, freebsd-security@freebsd.org Subject: Re: Security problem with FreeBSD 2.2.1 default installation Message-ID: <E0wbULB-0001Fg-00@rover.village.org> In-Reply-To: Your message of "Tue, 03 Jun 1997 10:29:16 CDT." <Pine.HPP.3.96.970603101840.16150E-100000@sunfire.cs.iastate.edu> References: <Pine.HPP.3.96.970603101840.16150E-100000@sunfire.cs.iastate.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.HPP.3.96.970603101840.16150E-100000@sunfire.cs.iastate.edu> Guy Helmer writes: : See the CERT Advisory CA-97.17 (sperl) for this problem at : : ftp://info.cert.org/pub/cert_advisories/CA-97.17.sperl : : dated May 29, 1997. It would not have been known at the time FreeBSD : 2.2.1 (or 2.2.2, for that matter) was released. This bug was fixed in the sources of 2.2 2.1 and -current on May 20, after the 2.2.2 release. Since Perl 4 is way way way unsupported by the Perl community, I just patched the exploit that caused the program I was using to get root. I didn't audit all of Perl 4 to make sure it was cool. Since perl 5 seems to be moving into the source tree, this may become a non-issue. Guy's advise is excellent: Disable sperl unless you have a specific need for it. Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0wbULB-0001Fg-00>