From owner-freebsd-security Tue Jun 3 11:08:17 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.5/8.8.5) id LAA13084
    for security-outgoing; Tue, 3 Jun 1997 11:08:17 -0700 (PDT)
Received: from cs.iastate.edu (cs.iastate.edu [129.186.3.1])
    by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA13079
    for ; Tue, 3 Jun 1997 11:08:14 -0700 (PDT)
Received: from popeye.cs.iastate.edu (popeye.cs.iastate.edu [129.186.3.4])
    by cs.iastate.edu (8.8.5/8.7.1) with ESMTP id NAA26375;
    Tue, 3 Jun 1997 13:07:34 -0500 (CDT)
Received: from localhost (ghelmer@localhost)
    by popeye.cs.iastate.edu (8.8.5/8.7.1) with SMTP id NAA10317;
    Tue, 3 Jun 1997 13:07:35 -0500 (CDT)
X-Authentication-Warning: popeye.cs.iastate.edu: ghelmer owned process doing -bs
Date: Tue, 3 Jun 1997 13:07:33 -0500 (CDT)
From: Guy Helmer
To: Matthias Buelow
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Security problem with FreeBSD 2.2.1 default installation
In-Reply-To: <199706031651.SAA24768@wicx20.informatik.uni-wuerzburg.de>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 3 Jun 1997, Matthias Buelow wrote:

> > I just checked the bugtraq archives and found an exploit for sperl4.036
> > and sperl 5.00x on FreeBSD was posted April 21!
>
> I was already wondering when I freshly installed 2.1.5 half a year ago that
> sperl 4.x was still setuid (I remember that Perl's unsafety was already
> known at least when I was still running 2.1.0 and I also remember some old
> CERT advisories mentioning freebsd ages ago). Since then it has become
> routine for me to chmod 0 sperl/setuidperl etc. and I'm really wondering
> how there could be people left who don't know of that ancient hole? I mean,
> even some of my clueless Linux friends know about the sperl vulnerability. ;)

In fairness, I think there were patches in FreeBSD's perl for the earlier
sperl vulnerability having to do with seteuid/setegid (see FreeBSD SA-96:12
from June 1996 at
ftp://freebsd.org/pub/CERT/advisories/FreeBSD-SA-96%3A12.perl.asc).
The newly-fixed problems have to do with buffer overflows.

Guy Helmer, Computer Science Grad Student, Iowa State - ghelmer@cs.iastate.edu
http://www.cs.iastate.edu/~ghelmer