From owner-cvs-all Fri Aug 11 11:34:59 2000
Delivered-To: cvs-all@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9B85137B683; Fri, 11 Aug 2000 11:34:48 -0700 (PDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id MAA09556;
	Fri, 11 Aug 2000 12:34:43 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1])
	by harmony.village.org (8.9.3/8.8.3) with ESMTP id MAA36197;
	Fri, 11 Aug 2000 12:34:13 -0600 (MDT)
Message-Id: <200008111834.MAA36197@harmony.village.org>
To: Christopher Masto
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
In-reply-to: Your message of "Fri, 11 Aug 2000 14:18:00 EDT."
	<20000811141800.A14610@netmonger.net>
References: <20000811141800.A14610@netmonger.net>
	<200008102259.PAA65377@freefall.freebsd.org>
Date: Fri, 11 Aug 2000 12:34:13 -0600
From: Warner Losh
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <20000811141800.A14610@netmonger.net> Christopher Masto writes:
: On Thu, Aug 10, 2000 at 03:59:54PM -0700, Warner Losh wrote:
: > imp 2000/08/10 15:59:54 PDT
: >
: > Modified files:
: > gnu/usr.bin/perl Makefile
: > Log:
: > Don't build suidperl by default. Make users specifically enable its
: > building.
:
: Umm.. isn't that a bit of a radical change? Any reason for it?

Yes. There have been two suidperl bugs now. One we were vulnerable
to several years ago, and the other recent one we weren't only because
we didn't have a /bin/mail program. There's generally no need for
this program in the base system. There was only one program that was
in the base system that used it, which has been rewritten in C so we
don't need it any more.

When the first bug came up, lots of people supported removing
suidperl, but keyinfo was in the way. It didn't become a big issue
until the second bug came up, which motivated the security officer
team to militate for its removal.

Since the default for FreeBSD is to make things secure by default,
suidperl represents too great a risk to be enabled by default.

Warner Losh
FreeBSD Security Officer