chris-usenet
Hi folks,
Perl 5.6.1 from Debian "testing" (aka "sarge" for those who like
to know). According to Debian's package installation manager, the
corresponding suid-perl is deprecated and is likely to be removed in some
(unspecified) later release.
perlsec doesn't appear to explain why it's deprecated, although it
does give the expected dire warnings about writing secure scripts,
and it offers a sample C wrapper (see the section "Security Bugs").
Google has a couple of threads from which I infer that it may be related
to a vulnerability with no-suid filesystems. However, I cannot find any
concrete details.
What's the score with Perl scripts that really do need to be setuid? Do
I go back to using a C wrapper for each, or is there a supported secure
but "more elegant" solution?
This is Perl. I don't want to have to go back to writing C.
Thanks,
Chris