[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian two-factor auth, GSoC?

On Fri, Apr 12, 2013 at 11:50:45PM +0100, Ben Hutchings wrote:
> On Fri, Apr 12, 2013 at 05:38:38PM -0500, Peter Samuelson wrote:
> > 
> > [Russ Allbery]
> > > Oh, I thought they'd given up on Safe.  For some reason it stuck in
> > > my mind that it had too many issues and ended up being deprecated.
> > > Apparently, I either made that up or misremembered something.
> > 
> > Possibly you were thinking of suidperl, the hack to allow Perl programs
> > to use setuid and setgid, working around the fact that most Unix
> > kernels don't honor the setuid + setgid bits when launching #! scripts.
> > suidperl was dropped some years ago because it had too many issues.
> No, it's this:
> http://search.cpan.org/~rgarcia/Safe-2.35/Safe.pm
> (I seem to remember using a very early version of this, which was the
> only way to run a CGI script in my web space at university.  It was
> definitely very restricted, but then I wasn't a particularly inventive
> Perl programmer.)

Does <http://www.oucs.ox.ac.uk/web/faq/index.xml?ID=safeperl> ring any
bells? :) I don't think the code which uses Safe.pm to implement that
environment (a perl program called cgiperl, plus a SUID root wrapper
for privilege management) is really released anywhere, but it is just
about limping along, although I seem to recall that we haven't managed
to get it to work with anything more recent than 5.10 yet.


Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Reply to: