From owner-freebsd-questions  Thu Jun 27 06:11:02 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id GAA23323
          for questions-outgoing; Thu, 27 Jun 1996 06:11:02 -0700 (PDT)
Received: from starfire.mn.org (root@starfire.skypoint.net [199.86.32.187])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id GAA23318
          for <questions@FreeBSD.org>; Thu, 27 Jun 1996 06:10:58 -0700 (PDT)
From: john@starfire.mn.org
Received: (from john@localhost)
	by starfire.mn.org (8.6.12/1.1)  id IAA19415
	for questions@FreeBSD.org; Thu, 27 Jun 1996 08:10:55 -0500
Message-Id: <199606271310.IAA19415@starfire.mn.org>
Subject: Regarding CERT Advisory CA-96.12 - Vulnerability in suidperl
To: questions@FreeBSD.org (FreeBSD questions)
Date: Thu, 27 Jun 1996 08:10:54 -0500 (CDT)
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

What is the full story on this for FreeBSD?  I see that sperl/suidperl
is installed both as part of the standard system and in the Perl 5 add-on
packages.  As I understand it, it is only used to try to work around some
kernel race condition involving setuid and setgid scripts.  Do we have
that problem?  Do we even need the sperl/suidperl pieces?

Even though FreeBSD has been represented other CERT announcements, and
even though Linux was still represented in this one, FreeBSD was not.

Please include my e-mail address in your reply, as I do not subscribe
to this list.

		   John Lind, Starfire Consulting Services
E-mail: john@starfire.MN.ORG		USnail: PO Box 17247, Mpls MN  55417