Bugtraq mailing list archives
Re: Secuity hole with perl (suidperl) and nosuid mounts on Linux
From: roberto () EUROCONTROL FR (Ollivier Robert)
Date: Mon, 18 Jan 1999 11:13:24 +0100
According to Jan B. Koum:
nosuid Do not allow set-user-identifier or set-group-identifier bits to take effect. Note: this option is worthless if a public available suid or sgid wrapper like suidperl(1) is installed on your system.
As I saif to Jan on freebsd-security, I submitted a patch to perl5-porters before 5.004_04 but it was not included in the mainstream Perl because 1. it was too close to release and 2. it was FreeBSD-specific. The fix to this bug/feature has been incorporated in FreeBSD's perl5 port and in the /usr/src/contrib-uted version of Perl since before 2.2.7 so FreeBSD users neeed not to worry about that. -- Ollivier ROBERT -=- Eurocontrol EEC/TS -=- Ollivier.Robert () eurocontrol fr The Postman hits! The Postman hits! You have new mail.
Current thread:
- test-cgi - Re: HTTP REQUEST METHOD flaw monti (Jan 13)
- Re: test-cgi - Re: HTTP REQUEST METHOD flaw Peter van Dijk (Jan 14)
- Re: test-cgi - Re: HTTP REQUEST METHOD flaw Peter van Dijk (Jan 15)
- Re: test-cgi - Re: HTTP REQUEST METHOD flaw Dr. Mudge (Jan 15)
- Secuity hole with perl (suidperl) and nosuid mounts on Linux Brian McCauley (Jan 14)
- Re: Secuity hole with perl (suidperl) and nosuid mounts on Linux Jan B. Koum (Jan 15)
- Re: Secuity hole with perl (suidperl) and nosuid mounts on Linux Ollivier Robert (Jan 18)
- Re: Secuity hole with perl (suidperl) and nosuid mounts on Linux Jarkko Hietaniemi (Jan 18)
- Re: Secuity hole with perl (suidperl) and nosuid mounts on Linux Jan B. Koum (Jan 15)
- Re: test-cgi - Re: HTTP REQUEST METHOD flaw Peter van Dijk (Jan 14)
- security hole in Maximizer Mike Jones (Jan 14)
- AW: test-cgi Adrian Dabrowski (Jan 14)