Re: suid-perl

To: debian-devel@lists.debian.org
Subject: Re: suid-perl
From: Chip Salzenberg <chip@perlsupport.com>
Date: Sun, 31 Jan 1999 17:05:19 -0500
Message-id: <[🔎] 19990131170519.A16021@perlsupport.com>
In-reply-to: <[🔎] 19990131101750.A4506@frederick.itri.loyola.edu>; from Michael Stone on Sun, Jan 31, 1999 at 10:17:50AM -0500
References: <E1068wg-00016a-00@gatekeeper.bcwhite.ml.org> <[🔎] 19990131004847.A31842@justice.loyola.edu> <[🔎] 19990131140716.C2824@cs.leidenuniv.nl> <[🔎] 19990131101750.A4506@frederick.itri.loyola.edu>

According to Michael Stone:
> Quoting Wichert Akkerman (wakkerma@cs.leidenuniv.nl):
> > What perl-suid should do is check the mountoptions for the filesystem on
> > which the script resides and abort if that was mounted with nosuid.
> > Should be quite simple actually..
> 
> But that's still not general enough. For example, you just missed the
> case of noexec... The solution should be done at a higher level, IMHO...

Every OS has a different set of mount options that may or may not be
relevant to setuid security.  I don't see what 'higher level' would be
useful.
-- 
Chip Salzenberg      - a.k.a. -      <chip@perlsupport.com>
      "When do you work?"   "Whenever I'm not busy."

Reply to:

Follow-Ups:
- Re: suid-perl
  - From: Michael Stone <mstone@itri.loyola.edu>
- Re: suid-perl
  - From: Jules Bean <jmlb2@hermes.cam.ac.uk>

References:
- Re: List of bugs that *must* be fixed before releasing Slink
  - From: Michael Stone <mstone@cs.loyola.edu>
- Re: List of bugs that *must* be fixed before releasing Slink
  - From: Wichert Akkerman <wakkerma@cs.leidenuniv.nl>
- Re: List of bugs that *must* be fixed before releasing Slink
  - From: Michael Stone <mstone@itri.loyola.edu>

Prev by Date: Re: Call for mascot! :-)
Next by Date: Re: non-us.debian.org OK?
Previous by thread: Re: List of bugs that *must* be fixed before releasing Slink
Next by thread: Re: suid-perl
Index(es):
- Date
- Thread