From owner-freebsd-audit  Thu Jul  4  5:51:31 2002
Delivered-To: freebsd-audit@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 23C4337B401
	for <audit@FreeBSD.ORG>; Thu,  4 Jul 2002 05:51:30 -0700 (PDT)
Received: from dilbert.robbins.dropbear.id.au (215.c.011.mel.iprimus.net.au [210.50.218.215])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6562A43E09
	for <audit@FreeBSD.ORG>; Thu,  4 Jul 2002 05:51:28 -0700 (PDT)
	(envelope-from tim@robbins.dropbear.id.au)
Received: from dilbert.robbins.dropbear.id.au (tim@localhost [127.0.0.1])
	by dilbert.robbins.dropbear.id.au (8.12.3/8.12.3) with ESMTP id g64CpQcT055224;
	Thu, 4 Jul 2002 22:51:26 +1000 (EST)
	(envelope-from tim@dilbert.robbins.dropbear.id.au)
Received: (from tim@localhost)
	by dilbert.robbins.dropbear.id.au (8.12.3/8.12.3/Submit) id g64CoAGY055169;
	Thu, 4 Jul 2002 22:50:10 +1000 (EST)
Date: Thu, 4 Jul 2002 22:50:09 +1000
From: Tim Robbins <tjr@FreeBSD.ORG>
To: Peter Pentchev <roam@ringlet.net>
Cc: Akinori MUSHA <knu@iDaemons.org>, audit@FreeBSD.ORG
Subject: Re: suidperl
Message-ID: <20020704225009.A54167@dilbert.robbins.dropbear.id.au>
References: <86sn2zpzmp.wl@daemon.musha.org> <20020704221031.A53275@dilbert.robbins.dropbear.id.au> <20020704121413.GB382@straylight.oblivion.bg>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020704121413.GB382@straylight.oblivion.bg>; from roam@ringlet.net on Thu, Jul 04, 2002 at 03:14:13PM +0300
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-audit.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-audit>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-audit>
X-Loop: FreeBSD.ORG

On Thu, Jul 04, 2002 at 03:14:13PM +0300, Peter Pentchev wrote:

> Are you sure that you do not have suidperl still hardlinked to 'perl',
> exactly the hardlink that the first part of knu's patch removes? :)

I just turned on the suid bit on /usr/bin/perl to test. The code in
src/usr.bin/perl/perl.c isn't safe to run suid (or any time the effective user
does not trust whoever set the PATH variable) because it runs arbitrary
programs from directories in PATH.

In any case, the way /usr/bin/perl relies on PATH to find the interpreter
is unsafe to a lesser degree even with the suid bit turned off.


Tim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message