From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Apr 18 12:50:02 2005
Message-Id: <200504181248.j3ICmbvK078968@sv.tech.sibitex.tmn.ru>
Date: Mon, 18 Apr 2005 18:48:37 +0600 (YEKST)
From: "Sergey N. Voronkov"
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: ports/80069: lang/perl5.8 doesn't make a valid symlink to suidperl
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: "Sergey N. Voronkov"
List-Id: Ports bug reports
X-List-Received-Date: Mon, 18 Apr 2005 12:50:02 -0000

>Number:         80069
>Category:       ports
>Synopsis:       lang/perl5.8 doesn't make a valid symlink to suidperl
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 18 12:50:01 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Sergey N. Voronkov
>Release:        FreeBSD 5.4-RC2 i386
>Organization:
Sibitex JSC
>Environment:
System: FreeBSD sv.tech.sibitex.tmn.ru 5.4-RC2 FreeBSD 5.4-RC2 #1: Fri Apr 15 12:42:01 YEKST 2005 serg@sv.tech.sibitex.tmn.ru:/usr/obj/usr/src/sys/SV i386
>Description:
use.perl doesn't make a valid symlink to suidperl in /usr/bin.

According to perl584delta:

    suidperl less insecure

    Paul Szabo has analysed and patched "suidperl" to remove existing
    known insecurities. Currently there are no known holes in "suidperl",
    but previous experience shows that we cannot be confident that these
    were the last.

    You may no longer invoke the set uid perl directly, so to preserve
    backwards compatibility with scripts that invoke #!/usr/bin/suidperl
    the only set uid binary is now "sperl5.8."n ("sperl5.8.4" for this
    release). "suidperl" is installed as a hard link to "perl"; both
    "suidperl" and "perl" will invoke "sperl5.8.4" automatically the set
    uid binary, so this change should be completely transparent.

It is much more accurate to:

    ln -sf /usr/local/sbin/suidperl /usr/bin/suidperl
>How-To-Repeat:
    make ENABLE_SUIDPERL=yes install

Try to run anything suidperl...
>Fix: --- use.perl.org Mon Apr 18 18:30:50 2005 +++ use.perl Mon Apr 18 18:42:13 2005 @@ -133,12 +133,14 @@ echo " Removing /usr/bin/$binary" fi bin=`echo $binary | /usr/bin/sed -e 's!perl5!perl!'` - bin=`echo $bin | /usr/bin/sed -e 's!suidperl!sperl!'` if [ -e "/usr/bin/$binary.XXX" ] ; then echo " *** /usr/bin/$binary is still there, which should not happen" elif [ -e "$PKG_PREFIX/bin/${bin}%%PERL_VERSION%%" ] ; then echo " Symlinking $PKG_PREFIX/bin/${bin}%%PERL_VERSION%% to /usr/bin/$binary" /bin/ln -sf "$PKG_PREFIX/bin/${bin}%%PERL_VERSION%%" "/usr/bin/$binary" + elif [ -e "$PKG_PREFIX/bin/${bin}" ] ; then + echo " Symlinking $PKG_PREFIX/bin/${bin} to /usr/bin/$binary" + /bin/ln -sf "$PKG_PREFIX/bin/${bin}" "/usr/bin/$binary" else echo " *** $PKG_PREFIX/bin/${bin}%%PERL_VERSION%% is not there, a symlink won't do any good" fi @@ -168,8 +170,11 @@ echo " *** /usr/bin/$binary is there, which should not happen" else bin=`echo $binary | /usr/bin/sed -e 's!perl5!perl!'` - bin=`echo $bin | /usr/bin/sed -e 's!suidperl!sperl!'` - bins=`/bin/ls /usr/bin/${bin}5.* 2>/dev/null | /usr/bin/sort` + if [ ${bin} != "suidperl" ] ; then + bins=`/bin/ls /usr/bin/${bin}5.* 2>/dev/null | /usr/bin/sort` + else + bins=`/bin/ls /usr/bin/${bin} 2>/dev/null | /usr/bin/sort` + fi bin="" for b in $bins do >Release-Note: >Audit-Trail: >Unformatted:
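Review bot: In the first hunk (@@ -133,12 +133,14 @@), the new elif that falls back to "$PKG_PREFIX/bin/${bin}" is not restricted to suidperl, so any $binary whose "${bin}%%PERL_VERSION%%" file is missing will now be linked to an unversioned name whenever one exists, where the script previously printed the "is not there" warning. Since the second hunk already special-cases suidperl, guard this branch the same way (for example, test that "$bin" equals "suidperl" before the -e check) so the other binaries keep their versioned-only behaviour. The final else message still names only the versioned path and should mention the unversioned path that was also tried for suidperl.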
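Review bot: In the second hunk (@@ -168,8 +170,11 @@), the test [ ${bin} != "suidperl" ] leaves ${bin} unquoted, so an empty or whitespace-containing value makes the test itself fail with a syntax error; write it as [ "${bin}" != "suidperl" ]. In the suidperl branch, piping /bin/ls of a single fixed path through /usr/bin/sort adds nothing, and an -e test on /usr/bin/${bin} would say the same thing more directly. It is also worth confirming what this branch can find: the preceding branch prints "/usr/bin/$binary is there, which should not happen", which suggests this else runs only when /usr/bin/$binary is absent, and for suidperl the new ls looks at that same path, so $bins may always come back empty here.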