Re: why does perl-suid not mount

Replies are listed 'Best First'.
Re^2: why does perl-suid not mount by syphilis (Archbishop) on Nov 10, 2010 at 10:46 UTC
why does perl-suid not mount For fear of having a bucket of water thrown over it by Mary Whitehouse ? Sorry :-) Cheers, Rob	[reply]
Re^2: why does perl-suid not mount by Anonymous Monk on Nov 10, 2010 at 12:04 UTC
If suidperl is deprecated, is there any successing concept for writing suid programs? Or will I have to write C code?	[reply]
Re^3: why does perl-suid not mount by Corion (Patriarch) on Nov 10, 2010 at 12:08 UTC
See perlsec. It also contains the 5 lines of C code you need to write to get a suid-launcher for your script.	[reply]
Re^4: why does perl-suid not mount by Anonymous Monk on Nov 10, 2010 at 13:32 UTC
I'll look into that. Just for curiosity, what exactly is the advantage over suidperl? I understand the race condition issue, but the shell forks and calls execve() just as the wrapper code does. So, if there is anyone who can write root owned files (resp. links to them), the attack should work with the wrapper as well. Besides that an attacker who can write root owned files, would probably do something simpler than exploiting this race condition.	[reply]
Re^5: why does perl-suid not mount by Corion (Patriarch) on Nov 10, 2010 at 13:48 UTC