From owner-cvs-gnu Sat Mar 1 05:20:19 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id FAA04647 for cvs-gnu-outgoing; Sat, 1 Mar 1997 05:20:19 -0800 (PST) Received: from spinner.DIALix.COM (spinner.DIALix.COM [192.203.228.67]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id FAA04606; Sat, 1 Mar 1997 05:19:47 -0800 (PST) Received: from spinner.DIALix.COM (localhost.DIALix.oz.au [127.0.0.1]) by spinner.DIALix.COM (8.8.5/8.8.5) with ESMTP id VAA07325; Sat, 1 Mar 1997 21:19:20 +0800 (WST) Message-Id: <199703011319.VAA07325@spinner.DIALix.COM> X-Mailer: exmh version 2.0gamma 1/27/96 To: Joerg Wunsch cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-gnu@freefall.freebsd.org Subject: Re: cvs commit: src/gnu/usr.bin/perl/perl perl.c perl.h In-reply-to: Your message of "Sat, 01 Mar 1997 04:58:52 PST." <199703011258.EAA04179@freefall.freebsd.org> Date: Sat, 01 Mar 1997 21:19:18 +0800 From: Peter Wemm Sender: owner-cvs-gnu@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Joerg Wunsch wrote: > joerg 97/03/01 04:58:50 > > Modified: gnu/usr.bin/perl/perl perl.c perl.h > Log: > Plug an old security hole: suidperl didn't honor MNT_NOSUID. > > Strong 2.2 and 2.1.x candidate. Someone should review the patch before, > however. > > The maintainer of the Perl5 port should probably introduce a similar patch > there. Perhaps we should implement the missing parts of imgact_script so that it can implement setuid interpreter scripts.. Perl can then do away with suid_perl and all the baggage that goes with it. By "missing parts", I mean support for using /dev/fd/xx to access the script without races. Cheers, -Peter