From owner-freebsd-security Tue Jun 3 20:28:03 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id UAA15905 for security-outgoing; Tue, 3 Jun 1997 20:28:03 -0700 (PDT)
Received: from homeport.org (lighthouse.homeport.org [205.136.65.198]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id UAA15869 for ; Tue, 3 Jun 1997 20:27:56 -0700 (PDT)
Received: (adam@localhost) by homeport.org (8.8.5/8.6.9) id XAA27060; Tue, 3 Jun 1997 23:22:34 -0400 (EDT)
From: Adam Shostack
Message-Id: <199706040322.XAA27060@homeport.org>
Subject: Re: Security problem with FreeBSD 2.2.1 default installation
In-Reply-To: <199706031731.LAA02257@elara.frii.com> from "gnat@frii.com" at "Jun 3, 97 11:31:31 am"
To: gnat@frii.com
Date: Tue, 3 Jun 1997 23:22:34 -0400 (EDT)
Cc: freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL27 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

gnat@frii.com wrote:
| My standard installation process is now to:
|
| - build and install perl5.004 with a suidperl into /usr/local

Why install setuid perl by default?

(My personal feeling is that perl, while wonderful, is too big to be trustworthy. Use a C wrapper to strip the environment, and call the perl script with a "checked against the ok" list of arguments.)

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume
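
The wrapper approach suggested in the message above, as an added example that is not part of the original post or of any FreeBSD code: a small C program, installed setuid in place of suidperl, that passes no inherited environment and forwards only arguments found on a fixed list. The paths PERL and SCRIPT, the entries in OK_ARGS and the MAX_ARGS limit are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define PERL     "/usr/local/bin/perl"           /* assumed interpreter path */
#define SCRIPT   "/usr/local/libexec/report.pl"  /* hypothetical script */
#define MAX_ARGS 8                               /* assumed argc limit */

/* The "ok" list: only these exact strings are ever forwarded. */
static const char *const OK_ARGS[] = { "--daily", "--weekly", "--summary", NULL };

/* Fixed environment for the script; nothing is inherited from the caller,
   so PERL5LIB, PERLLIB, IFS, LD_* and a hostile PATH never reach perl. */
static char *const CLEAN_ENV[] = { "PATH=/bin:/usr/bin", NULL };

/* Return 1 if arg matches an allowlist entry exactly, else 0. */
int arg_allowed(const char *arg)
{
    if (arg == NULL)
        return 0;
    for (size_t i = 0; OK_ARGS[i] != NULL; i++)
        if (strcmp(arg, OK_ARGS[i]) == 0)
            return 1;
    return 0;
}

/* Return 1 only if argc is sane and every argument after argv[0] is allowed. */
int args_ok(int argc, char *const argv[])
{
    if (argc < 1 || argc > MAX_ARGS)
        return 0;
    for (int i = 1; i < argc; i++)
        if (!arg_allowed(argv[i]))
            return 0;
    return 1;
}

int main(int argc, char *argv[])
{
    char *new_argv[MAX_ARGS + 3];
    int n = 0;

    if (!args_ok(argc, argv)) {
        fprintf(stderr, "wrapper: argument rejected\n");
        return 1;
    }
    new_argv[n++] = "perl";
    new_argv[n++] = "-T";       /* taint mode, as a second line of defence */
    new_argv[n++] = SCRIPT;     /* fixed path, never taken from the caller */
    for (int i = 1; i < argc; i++)
        new_argv[n++] = argv[i];
    new_argv[n] = NULL;
    execve(PERL, new_argv, CLEAN_ENV);  /* absolute path, explicit envp */
    perror("wrapper: execve");
    return 1;
}
```

The script itself stays non-setuid and should be writable only by root, so the privileged code path is limited to this wrapper.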