-----BEGIN PGP SIGNED MESSAGE-----
Jules Bean, in an immanent manifestation of deity, wrote:
>On Sun, 31 Jan 1999, Chip Salzenberg wrote:
>> The code exists to check the mount options relevant to an open file.
>> It's just a Small Matter of Programming to integrate that into the
>> Perl source code, and disable emultation of setuid scripts when the
>> 'nosuid' mount option is set.
Well, while it's not a perfect fix (IMHO, that'd be stripping the suid
bit in the system call), I've applied and tested Jarkko Hietaniemi's
patch for perl-5.004.04. If you try to run a suidperl script on a
nosuid fs, you get 'permission denied'. I've tested it on both slink
and potato systems. Please try it yourselves.
>interpreted. (Aside: Why hasn't linus patched the kernel so that suid
>scripts are secure? It's an easy task, surely?)
I remember reading somewhere back in the 1.0 or .99 days that linus will
never implement suid scripts because they cause too many other holes.
But note the age of the memory that would have to be and take it with
>As it is, noexec is almost useless.
>I can't help thinking that *all* interpreters *should* check noexec
Actually, I find noexec more useful when I have multiple architectures
implemented. I know that it's saved me a few times when I went to run
elf binaries compiled for Irix 5.3/6.5 on my linux box at work. I found
it rather handy...
<firstname.lastname@example.org> <http://www.daft.com/~torin> <email@example.com> <firstname.lastname@example.org>
Darren Stalder/2608 Second Ave, @282/Seattle, WA 98121-1212/USA/+1-800-921-4996
@ Sysadmin, webweaver, postmaster for hire. C/Perl/CGI/Pilot programmer/tutor @
@ Make a little hot-tub in your soul. @
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.5.1, an Emacs/PGP interface
-----END PGP SIGNATURE-----