On Jan 21, 2007, at 18:34:56, David Wagner wrote:
[1] In comparison, suidperl was designed to be installed setuid-
root, and it takes special precautions to be safe in this usage.
(And even it has had some security vulnerabilities, despite its
best efforts, which illustrates how tricky this business can be.)
Setting the setuid-root bit on a large complex interpreter that
wasn't designed to be setuid-root seems like a pretty dubious
proposition to me.
Well, there's also the fact that Linux does *NOT* need suidperl, as
it has proper secure support for suid pound-bang scripts anyways.
The only reason for suidperl in the first place was broken operating
systems which had a race condition between the operating system
checking the suid bits and reading the '#! /usr/bin/perl' line in the
file, and the interpreter getting executed and opening a different
file (think symlink redirection attacks). I believe Linux jumps
through some special hoops to ensure that can't happen.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
