Date: Sat, 01 Mar 1997 21:19:18 +0800 From: Peter Wemm <peter@spinner.DIALix.COM> To: Joerg Wunsch <joerg@freefall.freebsd.org> Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-gnu@freefall.freebsd.org Subject: Re: cvs commit: src/gnu/usr.bin/perl/perl perl.c perl.h Message-ID: <199703011319.VAA07325@spinner.DIALix.COM> In-Reply-To: Your message of "Sat, 01 Mar 1997 04:58:52 PST." <199703011258.EAA04179@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Joerg Wunsch wrote: > joerg 97/03/01 04:58:50 > > Modified: gnu/usr.bin/perl/perl perl.c perl.h > Log: > Plug an old security hole: suidperl didn't honor MNT_NOSUID. > > Strong 2.2 and 2.1.x candidate. Someone should review the patch before, > however. > > The maintainer of the Perl5 port should probably introduce a similar patch > there. Perhaps we should implement the missing parts of imgact_script so that it can implement setuid interpreter scripts.. Perl can then do away with suid_perl and all the baggage that goes with it. By "missing parts", I mean support for using /dev/fd/xx to access the script without races. Cheers, -Peter
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703011319.VAA07325>