
Re: suid-perl



On Sun, 31 Jan 1999, Chip Salzenberg wrote:
> 
> The code exists to check the mount options relevant to an open file.
> It's just a Small Matter of Programming to integrate that into the
> Perl source code, and disable emulation of setuid scripts when the
> 'nosuid' mount option is set.

But, then every interpreter should do this (by analogy with your point
below).  Well, not a perfect analogy.  But every suid-emulating
interpreter.  (Aside: Why hasn't Linus patched the kernel so that suid
scripts are secure?  It's an easy task, surely?)

> 
> And as for 'noexec', well, it's not relevant to Perl anyway.  (All you
> have to do is run "perl scriptname" instead of just "./scriptname".)
> Or do you suggest that every single language compiler/interpreter must
> check mount options?  Should Java .class files be unusable if they're
> on a 'noexec' filesystem?  I don't _think_ so.

As it is, noexec is almost useless.

I can't help thinking that *all* interpreters *should* check noexec
status.

However, they don't..

Jules

/----------------+-------------------------------+---------------------\
|  Jelibean aka  | jules@jellybean.co.uk         |  6 Evelyn Rd        |
|  Jules aka     | jules@debian.org              |  Richmond, Surrey   |
|  Julian Bean   | jmlb2@hermes.cam.ac.uk        |  TW9 2TF *UK*       |
+----------------+-------------------------------+---------------------+
|  War doesn't demonstrate who's right... just who's left.             |
|  When privacy is outlawed... only the outlaws have privacy.          |
\----------------------------------------------------------------------/
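
The check discussed in this message, as an added example that is not part of the original post and is not Perl's code: an interpreter asks about the mount flags of the script it has already opened, then declines to honour set-id bits under 'nosuid' and declines to run at all under 'noexec'. The names script_policy, script_policy_fd, ALLOW_RUN and ALLOW_SETID are hypothetical; fstat(), fstatvfs(), ST_NOSUID and ST_NOEXEC are the real POSIX/glibc interfaces.

```c
#define _GNU_SOURCE              /* glibc only exposes ST_NOEXEC with this */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

#ifndef ST_NOEXEC
#define ST_NOEXEC 8              /* Linux value, in case the header hid it */
#endif

enum { ALLOW_RUN = 1, ALLOW_SETID = 2 };   /* hypothetical result bits */

/* Pure policy: mode bits + mount flags -> what the interpreter may do. */
int script_policy(mode_t mode, unsigned long mnt_flags)
{
    if (mnt_flags & ST_NOEXEC)
        return 0;                           /* noexec: refuse to run at all */
    if ((mode & (S_ISUID | S_ISGID)) && !(mnt_flags & ST_NOSUID))
        return ALLOW_RUN | ALLOW_SETID;     /* set-id bits may be honoured */
    return ALLOW_RUN;                       /* run, but never change ids */
}

/* Ask about the descriptor already opened for reading the script, so the
 * answer describes the file being interpreted and not whatever the path
 * names a moment later. Returns -1 on error. */
int script_policy_fd(int fd)
{
    struct stat st;
    struct statvfs vfs;

    if (fstat(fd, &st) != 0 || fstatvfs(fd, &vfs) != 0)
        return -1;
    if (!S_ISREG(st.st_mode))
        return 0;                           /* only regular files qualify */
    return script_policy(st.st_mode, vfs.f_flag);
}

int main(int argc, char **argv)
{
    int fd = argc > 1 ? open(argv[1], O_RDONLY) : -1;
    int p = script_policy_fd(fd);

    if (p < 0) { perror("script_policy_fd"); return 2; }
    printf("run=%s setid=%s\n", (p & ALLOW_RUN) ? "yes" : "no",
           (p & ALLOW_SETID) ? "yes" : "no");
    close(fd);
    return p & ALLOW_RUN ? 0 : 1;
}
```

Because the kernel enforces 'noexec' only at exec time, a check like this binds only interpreters that choose to perform it.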

