Date: Tue, 3 Jun 1997 12:56:05 -0500 (CDT) From: "Paul T. Root" <proot@horton.iaces.com> To: shovey@buffnet.net (Steve) Cc: perl@netmug.org, freebsd-questions@FreeBSD.ORG Subject: Re: Security problem with FreeBSD 2.2.1 default installation Message-ID: <199706031756.MAA18425@horton.iaces.com> In-Reply-To: <Pine.BSI.3.95.970603081844.22117K-100000@buffnet11.buffnet.net> from Steve at "Jun 3, 97 08:18:55 am"
next in thread | previous in thread | raw e-mail | index | archive | help
In a previous message, Steve said: > > Delete it - you should not have a need for suidperl I use suidperl. This is a new problem. The CERT advisory came out May 29. Go ahead and delete it. Also, if you have installed perl5 you'll need to delete the perl5 setuid program in /usr/local/bin. If you need suidperl, you'll need to get Perl5.004 and compile it yourself. Paul. > On Mon, 2 Jun 1997, Michael Haro wrote: > > Hi, yesterday one of my users gained root access to my system. > > They did it by exploiting a bug in /usr/bin/sperl4* > > Why does FreeBSD ship with a security hole? Is this a new one that you didn't > > know about? How can I remedy the problem? Right now, I deleted the file from > > the server. I am new to FreeBSD and would like to know how to fix it. > > > > Thanks, > > Michael perl@netmug.org > > > > > -- You cannot achieve the impossible without attempting the absurd.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706031756.MAA18425>