Re: suid-perl
On Sun, 31 Jan 1999, Chip Salzenberg wrote:
>
> The code exists to check the mount options relevant to an open file.
> It's just a Small Matter of Programming to integrate that into the
> Perl source code, and disable emultation of setuid scripts when the
> 'nosuid' mount option is set.
But, then every interpreter should do this (by analogy with you point
below). Well, not a perfect analogy. But every suid-emulating
interpreted. (Aside: Why hasn't linus patched the kernel so that suid
scripts are secure? It's an easy task, surely?)
>
> And as for 'noexec', well, it's not relevant to Perl anyway. (All you
> have to do is run "perl scriptname" instead of just "./scriptname".)
> Or do you suggest that every single language compiler/interpreter must
> check mount options? Should Java .class files be unusable if they're
> on a 'noexec' filesystem? I don't _think_ so.
As it is, noexec is almost useless.
I can't help thinking that *all* interpreters *should* check noexec
status.
However, they don't..
Jules
/----------------+-------------------------------+---------------------\
| Jelibean aka | jules@jellybean.co.uk | 6 Evelyn Rd |
| Jules aka | jules@debian.org | Richmond, Surrey |
| Julian Bean | jmlb2@hermes.cam.ac.uk | TW9 2TF *UK* |
+----------------+-------------------------------+---------------------+
| War doesn't demonstrate who's right... just who's left. |
| When privacy is outlawed... only the outlaws have privacy. |
\----------------------------------------------------------------------/
Reply to: