Date:      Fri, 11 Aug 2000 12:34:13 -0600
From:      Warner Losh <imp@village.org>
To:        Christopher Masto <chris@netmonger.net>
Cc:        cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject:   Re: cvs commit: src/gnu/usr.bin/perl Makefile 
Message-ID:  <200008111834.MAA36197@harmony.village.org>
In-Reply-To: Your message of "Fri, 11 Aug 2000 14:18:00 EDT." <20000811141800.A14610@netmonger.net> 
References:  <20000811141800.A14610@netmonger.net>  <200008102259.PAA65377@freefall.freebsd.org> 


In message <20000811141800.A14610@netmonger.net> Christopher Masto writes:
: On Thu, Aug 10, 2000 at 03:59:54PM -0700, Warner Losh wrote:
: > imp         2000/08/10 15:59:54 PDT
: > 
: >   Modified files:
: >     gnu/usr.bin/perl     Makefile 
: >   Log:
: >   Don't build suidperl by default.  Make users specifically enable its
: >   building.
: 
: Umm.. isn't that a bit of a radical change?  Any reason for it?

Yes.  There have been two suidperl bugs now.  One we were vulnerable
to several years ago, and the other recent one we weren't only because
we didn't have a /bin/mail program.  There's generally no need for
this program in the base system.  There was only one program that was
in the base system that used it, which has been rewritten in C so we
don't need it any more.  When the first bug came up, lots of people
supported removing suidperl, but keyinfo was in the way.  It didn't
become a big issue until the second bug came up, which motivated the
security officer team to militate for its removal.

Since the default for FreeBSD is to make things secure by default,
suidperl represents too great a risk to be enabled by default.

Warner Losh
FreeBSD Security Officer
