From owner-freebsd-hackers Mon Nov 25 01:56:30 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id BAA27569 for hackers-outgoing; Mon, 25 Nov 1996 01:56:30 -0800 (PST)
Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id BAA26973; Mon, 25 Nov 1996 01:54:42 -0800 (PST)
Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id KAA24416; Mon, 25 Nov 1996 10:53:52 +0100
Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id KAA10902; Mon, 25 Nov 1996 10:53:52 +0100
Received: (from j@localhost) by uriah.heep.sax.de (8.8.2/8.6.9) id KAA16780; Mon, 25 Nov 1996 10:47:58 +0100 (MET)
From: J Wunsch
Message-Id: <199611250947.KAA16780@uriah.heep.sax.de>
Subject: Re: suidperl (v5.003) - Doesn't work, Any Tips?
To: ports@freebsd.org
Date: Mon, 25 Nov 1996 10:47:58 +0100 (MET)
Cc: hackers@freebsd.org, rhh@ct.picker.com (Randall Hopper)
In-Reply-To: from Randall Hopper at "Nov 24, 96 06:37:46 pm"
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
X-Mailer: ELM [version 2.4ME+ PL17 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

As Randall Hopper wrote:

> I have a really simple setuid script that used to work with the perl
> 5.001 port. I recently upgraded to 2.2-ALPHA and the 5.003 port, and it
> stopped working:
>
>     #!/usr/local/bin/suidperl -w
>
>     $ENV{'PATH'} = '/bin:/usr/bin:/usr/sbin:/sbin';
>     exec( "/sbin/mount /zip" );
>
> It just dumps out without any errors at all.

This looks as if somebody stupidly assumed the Perl gods are DingTRT.
They aren't. The entire suidperl patches for BSD they've been
emitting don't work.

The only thing that works is dropping support for Posix saved IDs
(which was the source of the known suidperl evil in the first place),
and use a similar configuration as the Perl4 in the base code uses.
/usr/bin/suidperl _does_ work, and it's believed to not have the
recent security hole.

--
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)