Date: Tue, 3 Jun 1997 20:17:10 +0200 (MET DST)
From: Matthias Buelow <token@wicx50.informatik.uni-wuerzburg.de>
To: ghelmer@cs.iastate.edu (Guy Helmer)
Cc: freebsd-security@freebsd.org
Subject: Re: Security problem with FreeBSD 2.2.1 default installation
Message-ID: <199706031817.UAA25322@wicx20.informatik.uni-wuerzburg.de>
In-Reply-To: <Pine.HPP.3.96.970603130216.9365B-100000@popeye.cs.iastate.edu> from "Guy Helmer" at Jun 3, 97 01:07:33 pm

> In fairness, I think there were patches in FreeBSD's perl for the earlier
> sperl vulnerability having to do with seteuid/setegid (see FreeBSD
> SA-96:12 from June 1996 at
> ftp://freebsd.org/pub/CERT/advisories/FreeBSD-SA-96%3A12.perl.asc).
>
> The newly-fixed problems have to do with buffer overflows.

Well, I generally find it questionable to have such a huge program like
the Perl interpreter installed as setuid/gid. You really can't control
what's going on in those many 10KLOC, I dare to say that there are a lot
of other security problems waiting for discovery in it. I'd rather NOT
have an s-bit on this thingy as default.