Date: Thu, 4 Jul 2002 15:14:13 +0300 From: Peter Pentchev <roam@ringlet.net> To: Tim Robbins <tjr@FreeBSD.ORG> Cc: Akinori MUSHA <knu@iDaemons.org>, audit@FreeBSD.ORG Subject: Re: suidperl Message-ID: <20020704121413.GB382@straylight.oblivion.bg> In-Reply-To: <20020704221031.A53275@dilbert.robbins.dropbear.id.au> References: <86sn2zpzmp.wl@daemon.musha.org> <20020704221031.A53275@dilbert.robbins.dropbear.id.au>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On Thu, Jul 04, 2002 at 10:10:31PM +1000, Tim Robbins wrote:
> On Thu, Jul 04, 2002 at 07:15:58PM +0900, Akinori MUSHA wrote:
>
> > Index: src/usr.bin/suidperl/Makefile
> > ===================================================================
> > RCS file: src/usr.bin/suidperl/Makefile
> > diff -N src/usr.bin/suidperl/Makefile
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ src/usr.bin/suidperl/Makefile 4 Jul 2002 10:08:12 -0000
> > @@ -0,0 +1,15 @@
> > +# $FreeBSD$
> > +
> > +.PATH: ${.CURDIR}/../perl
> > +
> > +PROG= suidperl
> > +SRCS= perl.c
> > +NOMAN=
> > +WARNS?= 6
> > +
> > +BINOWN= root
> > +.if defined(ENABLE_SUIDPERL)
> > +BINMODE=4555
> > +.endif
>
> This is unsafe:
>
> $ ln -s /bin/sh /tmp/perl
> $ env PATH=/tmp:$PATH /usr/bin/perl
> # id
> uid=1001(tim) euid=0(root) gid=1001(tim) groups=1001(tim), 0(wheel)
Are you sure that you do not have suidperl still hardlinked to 'perl',
exactly the hardlink that the first part of knu's patch removes? :)
G'luck,
Peter
--
Peter Pentchev roam@ringlet.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If I had finished this sentence,
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
iD8DBQE9JDwU7Ri2jRYZRVMRAsXPAKCf2t/KhMx1ksgl3bdDt3frUxOWpQCfZSdl
hI4/MWrrRtmDYpS5oCux2Ds=
=Gugd
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020704121413.GB382>