From owner-freebsd-hackers  Fri Aug  1 18:28:30 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id SAA24057
          for hackers-outgoing; Fri, 1 Aug 1997 18:28:30 -0700 (PDT)
Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA24052
          for <hackers@FreeBSD.ORG>; Fri, 1 Aug 1997 18:28:27 -0700 (PDT)
Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1]) by time.cdrom.com (8.8.6/8.6.9) with ESMTP id SAA09163; Fri, 1 Aug 1997 18:27:32 -0700 (PDT)
To: Tom Samplonius <tom@sdf.com>
cc: Ben Black <black@zen.cypher.net>, Sergio Lenzi <lenzi@bsi.com.br>,
        hackers@FreeBSD.ORG
Subject: Re: security hole on FreeBSD 2.2.2 
In-reply-to: Your message of "Fri, 01 Aug 1997 17:18:48 PDT."
             <Pine.BSF.3.95q.970801171806.8042B-100000@misery.sdf.com> 
Date: Fri, 01 Aug 1997 18:27:32 -0700
Message-ID: <9160.870485252@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>   But what the hell is superl?  I don't think it comes with 2.2.2.

I think he meant sperl, e.g. suidperl.  Trusting perl to run as
root strikes me as horrendously risky in any case, and perhaps
it's time for us to just turn the damn thing off.  The next bug
is only a security advisory away, I'm sure.

					Jordan