From owner-freebsd-audit Thu Jul 4 8:35:13 2002
Date: Fri, 05 Jul 2002 00:35:04 +0900
Message-ID: <86r8ijpkuv.wl@daemon.musha.org>
From: "Akinori MUSHA"
To: Tim Robbins
Cc: Peter Pentchev, audit@FreeBSD.ORG
Subject: Re: suidperl

At Thu, 4 Jul 2002 22:50:09 +1000,
Tim Robbins wrote:
> In any case, the way /usr/bin/perl relies on PATH to find the interpreter
> is unsafe to a lesser degree even with the suid bit turned off.

Indeed. We must add the same check that the real suidperl has to the
wrapper.

By the way, do we really need a perl wrapper in the first place?
I suppose we can tweak ports/lang/perl5 to create symlinks (for
example) when NO_PERL_SYMLINKS is not defined.

-- 
                     /
                    /__  __            Akinori.org / MUSHA.org
                   / )  )  ) )  /     FreeBSD.org / Ruby-lang.org
Akinori MUSHA aka / (_ /  ( (__(  @ iDaemons.org / and.or.jp

"When I leave I don't know what I'm hoping to find
 When I leave I don't know what I'm leaving behind.."