From owner-freebsd-security Thu Jun 27 16:46:10 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA07706 for security-outgoing; Thu, 27 Jun 1996 16:46:10 -0700 (PDT)
Received: from maelstrom.Berkeley.EDU (maelstrom-ether.Berkeley.EDU [128.32.191.86]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id QAA07701 for ; Thu, 27 Jun 1996 16:46:06 -0700 (PDT)
Received: (from mconst@localhost) by maelstrom.Berkeley.EDU (8.6.12/8.6.12) id QAA28812; Thu, 27 Jun 1996 16:45:45 -0700
Date: Thu, 27 Jun 1996 16:45:45 -0700
From: Michael Constant
Message-Id: <199606272345.QAA28812@maelstrom.Berkeley.EDU>
To: guido@gvr.win.tue.nl, root@edmweb.com
Subject: Re: CERT Advisory CA-96.12 - Vulnerability in suidperl (fwd)
Cc: freebsd-security@FreeBSD.ORG
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> I'm using FreeBSD 2.1.0-RELEASE. Is it sufficient to remove the suid bit
> from the suidperl binaries? Or do I also have to search for scripts with
> the suid bit?

Removing the setuid bit from the binaries is all you need. The kernel
ignores the setuid bit on scripts -- that's why suidperl is necessary in
the first place.

- Michael Constant
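
One way to apply and verify the fix described in the reply above, as an added example that is not part of the original message. The function names are hypothetical, and the binary name patterns (`suidperl`, `sperl*`) and the directories you pass in are assumptions to adjust for your installation.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: the setuid Perl interpreter is installed under a name
# matching "suidperl" or "sperl*"; adjust the patterns if yours differs.

# list_setuid_perl DIR...
# Print every regular file in the given directories that matches the
# assumed names and still has the setuid bit (mode 4000) set.
list_setuid_perl() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \( -name 'suidperl' -o -name 'sperl*' \) \
            -perm -4000 -print
    done
}

# strip_setuid_perl [-n] DIR...
# Clear the setuid bit on each file found. With -n, only report what
# would change. Returns 0 when no setuid interpreter remains, 1 otherwise,
# so the result can gate a hardening or compliance check.
strip_setuid_perl() {
    dry_run=0
    if [ "$1" = "-n" ]; then
        dry_run=1
        shift
    fi
    list_setuid_perl "$@" | while IFS= read -r f; do
        if [ "$dry_run" -eq 1 ]; then
            echo "would clear setuid: $f"
        else
            chmod u-s "$f" && echo "cleared setuid: $f"
        fi
    done
    # Re-scan rather than trusting the chmod calls: this is the verification.
    remaining=$(list_setuid_perl "$@")
    [ -z "$remaining" ]
}

# Usage (as root): strip_setuid_perl -n /usr/bin   # preview
#                  strip_setuid_perl /usr/bin      # apply and verify
```

Setuid scripts are deliberately left alone, matching the reply: only the interpreter binaries are changed.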