Re: new suid-perl debian security update breaks qmail-scanner!
El lun, 19-04-2004 a las 19:58, David Wilk escribió:
> Howdy,
>
> I noticed that qmail-scanner-queue refuses to run after the last debian
> perl update. I tried to install the latest qmail-scanner, but
> unfortunately the ./configure fails reporting:
>
> <snip>
> Testing suid nature of /usr/bin/suidperl...
> Whoa - broken perl install found.
> Cannot even run a simple script setuid
>
> Installation of Qmail-Scanner FAILED
>
> Error was:
> suidperl needs fd script
> <snip>
>
> I verified that suidperl is indeed suid root. Not sure what's going on.
> anyone have any ideas?
>
> thanks,
> Dave
> --
> *******************************
> David Wilk
> System Administrator
> Community Internet Access, Inc.
myca@cia-g.com
Hi all,
this update fixes a security hole in suid-perl and now you cannot exec
it directly from /usr/bin/suidperl, u must call it from perl executable.
So to fix the problem with qmail-scanner u must edit the qmail-scanner's
configure script and replace suidperl with perl in the line where the
variable SUIDEPERL is defined (SUIDPERL="${SUIDPERL:-$dir/perl}").
That's the line 650 in qmail-scanner-1.21st.
This has fixed the problem for me.
Greetings
--
Carlos Solano Lisa
Reply to: