On Mon, May 08, 2000 at 06:54:09PM +1000, Brendan O'Dea wrote: > On Mon, May 08, 2000 at 03:15:54AM -0400, Decklin Foster wrote: > >Ethan Benson writes: > > > >> im not all that familier with the way suidperl works but why can't > >> it check for nosuid mount options before allowing a script located > >> on a nosuid filesystem from being run suid? > > > >Take it up with the Perl people; my personal reaction is 'yuck' but > >they may have a different view. [...] > > suidperl honours the nosuid flag. i just tested this and it appears that it does, i get a permission denied when trying to suidperl a suid root perl script in my home directory (/home is nosuid) but not when its in / (i don't think im not bothering to write a script perl is happy to run suid) actually just testing this on my OpenBSD box this seems to be the case, it has no suidperl binary, and i ran a suid perl script executing system("id") the suid bit is ignored when on a nosuid filesystem, but perl complains about insecure PATH/ENV when running suid with the script in / is suidperl even needed on non-linux systems? the only reason i think think of why its required is because the linux kernel refuses to run scripts suid (though i can't quite tell if it does that to perl scripts) OpenBSD happily runs shell scripts suid... AFAIK ignoring suid on scripts is a linuxism. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgp38hBPFeiVA.pgp
Description: PGP signature