Richard Pieri wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> >>>>> "DL" == Daniel Lark <dan@netsteps.com> writes:
>
> DL> For those who might not know, CERT has just issued an advisory on
> DL> Perl 4.x through 5.002.
>
> Specifically, suidperl, the perl interpreter which attempts to fake out
> the kernel to allow set-UID scripts. Since Majordomo uses a C wrapper
> program, it is secure in this regard. Compiled programs do not generate
> the race condition that can result from set-UID scripts.
>
The problem with suidperl can give anyone root access very easily...
Thus, even though it's not directly a MD problem, it can be if someone
uses it to munge up your system <g>
--
Jim Jagielski << jim@jaguNET.com >> | "That's a Smith & Wesson,
** jaguNET Access Services ** | and you've had your six"
Email: info@jaguNET.com | - James Bond
++ http://www.jaguNET.com/ +++ Voice/Fax: 410-931-3157 ++