Date: Tue, 20 Aug 2002 14:26:10 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: "Oles' Hnatkevych" <gnut@fc.kiev.ua>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: sperl5
Message-ID: <20020820132610.GC16083@happy-idiot-talk.infracaninophi>
In-Reply-To: <18314669303.20020820130631@fc.kiev.ua>
References: <18314669303.20020820130631@fc.kiev.ua>

On Tue, Aug 20, 2002 at 01:06:31PM +0300, Oles' Hnatkevych wrote:

> Why /usr/bin/sperl5 still has r-x--x--x instead
> of r-s--x--x - just in case it has undisclosed bugs
> or still exist known exploits for the sperl5?
>
> If I change it back to 4511 - what should I be afraid of?

That's just reasonable paranoia. After all, perl is a general purpose
language that lets you do anything you can think of usually in more
than one way -- and that includes getting a root shell from sperl.
Granted that there are Taint checks and other mechanisms built into
sperl, which should give you some protection, but it's still way too
much exposure for the root account.

Don't 'chmod u+s sperl' unless you have a very good reason to do so.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK
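
Added example, not part of the original message: a shell check that compares a file's permission string against a recorded baseline, so a change from r-x--x--x to r-s--x--x (mode 4511) on a file such as sperl5 is reported. The function names and the temporary stand-in file used by `demo` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report setuid files and permission drift against a baseline.

# Print the nine permission characters of a file, e.g. r-s--x--x for mode 4511.
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# List every regular file under a directory that has the setuid bit set,
# one "PERMS PATH" line per file.
list_setuid() {
    find "$1" -type f -perm -4000 -print | while IFS= read -r f; do
        printf '%s %s\n' "$(perm_string "$f")" "$f"
    done
}

# Read "PERMS PATH" baseline lines from stdin, print one DRIFT line per
# mismatch, and return non-zero if any file no longer matches.
check_baseline() {
    rc=0
    while read -r want path; do
        have=$(perm_string "$path")
        if [ "$have" != "$want" ]; then
            echo "DRIFT $path: expected $want, found $have"
            rc=1
        fi
    done
    return $rc
}

# Demonstration on a constructed stand-in file in a temporary directory;
# it never touches the real /usr/bin/sperl5.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/sperl5"
    chmod 0511 "$d/sperl5"
    printf 'r-x--x--x %s\n' "$d/sperl5" > "$d/baseline"
    check_baseline < "$d/baseline" && echo "OK: matches baseline"
    chmod 4511 "$d/sperl5"      # simulate the setuid bit being turned back on
    list_setuid "$d"
    check_baseline < "$d/baseline" || echo "setuid bit changed since baseline"
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument `demo` to see the output for the stand-in file; on a real system the baseline lines would name the installed files.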