Corion has asked for the wisdom of the Perl Monks concerning the following question:

Just yesterday, somebody told me about this online PDF book called Securing and Optimizing Linux, which is very Red Hat centric but contains "some interesting topics like kernel optimization and security hints" (as that person told me). While browsing my copy, I stumbled over the suid and sgid security procedure, where they have a list of programs that have the suid flag set and which could/should be removed from a secure server.

What really astonished me was, that they left suidperl and a hardlink to it, sperl5.005_3 on the system, which somewhat defeats the whole purpose of removing suid programs at all.

So now my main question is, why have suidperl at all ? Which standard scripts and other stuff depend on it ?

Replies are listed 'Best First'.
(dchetlin: Do not.) Re: A question about suidperl
by dchetlin (Friar) on Oct 10, 2000 at 13:29 UTC
    No reason that I know of. There should definitely be no scripts that depend on it. Keep away. Bad suidperl. No biscuit.

    Although this book was put together before the major security vulnerability, it's still disappointing that they wouldn't have taken suidperl off -- intelligent people avoided it long before that last, most heinous straw.

    -dlc

[reply]
RE: A question about suidperl
by Anonymous Monk on Oct 10, 2000 at 22:21 UTC
    Sorry- what is suidperl?
[reply]
      Try checking perlsec, I believe there's information on it there (IIRC).

      - Zoogie

[reply]

Back to Seekers of Perl Wisdom