Date:      Mon, 18 Apr 2005 18:48:37 +0600 (YEKST)
From:      "Sergey N. Voronkov" <serg@tmn.ru>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/80069: lang/perl5.8 doesn't make a valid symlink to suidperl
Message-ID:  <200504181248.j3ICmbvK078968@sv.tech.sibitex.tmn.ru>
Resent-Message-ID: <200504181250.j3ICo2Dd012009@freefall.freebsd.org>


>Number:         80069
>Category:       ports
>Synopsis:       lang/perl5.8 doesn't make a valid symlink to suidperl
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 18 12:50:01 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Sergey N. Voronkov
>Release:        FreeBSD 5.4-RC2 i386
>Organization:
Sibitex JSC
>Environment:
System: FreeBSD sv.tech.sibitex.tmn.ru 5.4-RC2 FreeBSD 5.4-RC2 #1: Fri Apr 15 12:42:01 YEKST 2005 serg@sv.tech.sibitex.tmn.ru:/usr/obj/usr/src/sys/SV i386
>Description:
	use.perl doesn't make a valid symlink to suidperl in /usr/bin.

	According to perl584delta:
	<CITE>
       suidperl less insecure

       Paul Szabo has analysed and patched "suidperl" to remove existing known
       insecurities. Currently there are no known holes in "suidperl", but
       previous experience shows that we cannot be confident that these were
       the last. You may no longer invoke the set uid perl directly, so to
       preserve backwards compatibility with scripts that invoke
       #!/usr/bin/suidperl the only set uid binary is now "sperl5.8."n
       ("sperl5.8.4" for this release). "suidperl" is installed as a hard link
       to "perl"; both "suidperl" and "perl" will invoke "sperl5.8.4"
       automatically the set uid binary, so this change should be completely
       transparent.
	</CITE>

	It is much more accurate to:

	ln -sf /usr/local/sbin/suidperl /usr/bin/suidperl

>How-To-Repeat:
	make ENABLE_SUIDPERL=yes install

	Try to run anything suidperl...
>Fix:

--- use.perl.org	Mon Apr 18 18:30:50 2005
+++ use.perl	Mon Apr 18 18:42:13 2005
@@ -133,12 +133,14 @@
 			echo "    Removing /usr/bin/$binary"
 		fi
 		bin=`echo $binary | /usr/bin/sed -e 's!perl5!perl!'`
-		bin=`echo $bin | /usr/bin/sed -e 's!suidperl!sperl!'`
 		if [ -e "/usr/bin/$binary.XXX" ] ; then
 			echo "    *** /usr/bin/$binary is still there, which should not happen"
 		elif [ -e "$PKG_PREFIX/bin/${bin}%%PERL_VERSION%%" ] ; then
 			echo "    Symlinking $PKG_PREFIX/bin/${bin}%%PERL_VERSION%% to /usr/bin/$binary"
 			/bin/ln -sf "$PKG_PREFIX/bin/${bin}%%PERL_VERSION%%" "/usr/bin/$binary"
+		elif [ -e "$PKG_PREFIX/bin/${bin}" ] ; then
+			echo "    Symlinking $PKG_PREFIX/bin/${bin} to /usr/bin/$binary"
+			/bin/ln -sf "$PKG_PREFIX/bin/${bin}" "/usr/bin/$binary"
 		else
 			echo "    *** $PKG_PREFIX/bin/${bin}%%PERL_VERSION%% is not there, a symlink won't do any good"
 		fi
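Review bot: the added fallback `elif [ -e "$PKG_PREFIX/bin/${bin}" ]` is not restricted to suidperl, so any binary handled by this loop whose %%PERL_VERSION%% file is missing would now be linked to an unversioned name without complaint. Guard it with a test that $binary is suidperl. The description proposes linking /usr/local/sbin/suidperl, but this branch tests and links under $PKG_PREFIX/bin, so one of the two needs correcting. The final else message still names only the %%PERL_VERSION%% path and should mention both paths that were tried.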
@@ -168,8 +170,11 @@
 			echo "    *** /usr/bin/$binary is there, which should not happen"
 		else
 			bin=`echo $binary | /usr/bin/sed -e 's!perl5!perl!'`
-			bin=`echo $bin | /usr/bin/sed -e 's!suidperl!sperl!'`
-			bins=`/bin/ls /usr/bin/${bin}5.* 2>/dev/null | /usr/bin/sort`
+			if [ ${bin} != "suidperl" ] ; then
+				bins=`/bin/ls /usr/bin/${bin}5.* 2>/dev/null | /usr/bin/sort`
+			else
+				bins=`/bin/ls /usr/bin/${bin} 2>/dev/null | /usr/bin/sort`
+			fi
 			bin=""
 			for b in $bins
 			do
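Review bot: `[ ${bin} != "suidperl" ]` leaves ${bin} unquoted, so an empty value or one containing whitespace makes the test itself fail; write `[ "${bin}" != "suidperl" ]`. In the suidperl branch, `/bin/ls /usr/bin/${bin}` can return at most one name, so the pipe to sort does nothing there. This code sits in the else of the "/usr/bin/$binary is there, which should not happen" message, so it is worth confirming that /usr/bin/suidperl can exist at this point at all. A one-line comment saying why suidperl carries no 5.* suffix would help the next reader.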


>Release-Note:
>Audit-Trail:
>Unformatted:


