SUMMARY: Is suidperl safe on solaris 2.6?

From: John Black (black_zero@usa.net)
Date: Tue Nov 07 2000 - 11:21:13 CST


Hi,
This summary is being submitted very late. Sorry for the delay.

The following friends replied; thank you very much for your support.

David Foster <foster@dim.ucsd.edu>
Arthur Darren Dunham <add@netcom.com>
Casper Dik <Casper.Dik@holland.sun.com>
Daniel Muino <dmuino@afip.gov.ar>
"Rodney Wines" <Rodney.Wines@ahqps.alcatel.fr>

The answer is:
Just make your script setuid and you're done. suidperl is required on some
operating systems in order to execute set-uid perl scripts. suidperl used to
be a separate application. On "safe" operating systems (Solaris is considered
safe), you don't need a separate application.

In Solaris all you need to do is make the script set-uid. setuid scripts are
safe on Solaris, so there's no need to use suidperl. suidperl was created
for use where the OS lacked proper support for setuid scripts, e.g. Linux.

Original Post:

Hi,

I am about to use webmail on my servers. The webmail Perl script needs
suidperl. I have read FAQs about suidperl and have found that in the past it
had many flaws which have been exploited to gain unauthorised root
access on the system.

My question is: "Is it safe to use suidperl these days?"
Moreover, is there any secure version of suidperl available, or do I have
to rely on perl5.004.04's suidperl module? I mean just like wu-ftp, which is
far more restricted than Solaris's built-in ftp service.

Thank you

John Black




This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:21 CDT