From: John Hay
Message-Id: <200008111909.e7BJ9cU57765@zibbi.mikom.csir.co.za>
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
In-Reply-To: <200008111831.UAA14139@grimreaper.grondar.za> from Mark Murray at "Aug 11, 2000 08:31:20 pm"
To: mark@grondar.za (Mark Murray)
Date: Fri, 11 Aug 2000 21:09:38 +0200 (SAT)
Cc: chris@netmonger.net (Christopher Masto), imp@FreeBSD.org (Warner Losh), cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org

> > > Don't build suidperl by default. Make users specifically enable its
> > > building.
> >
> > Umm.. isn't that a bit of a radical change? Any reason for it?
>
> Yes; SUID-anything is a potential hole. Perl may be a good tool,
> and folks who need it can get it, but for the rank-and-file,
> disabling this is good.

But to require one to get the source just because you need suidperl
is a bit extreme, I think. What about installing it without the suid
bit and if you guys feel generous add an easy way to get the suid bit
set. Or what about a sysinstall option? Or maybe make it a
port/package?

If we really want to be this paranoid, we should think about removing
all other suid programs from a standard build too.

John
-- 
John Hay -- John.Hay@icomtek.csir.co.za