[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: new suid-perl debian security update breaks qmail-scanner!

El lun, 19-04-2004 a las 19:58, David Wilk escribió:
> Howdy,
> 
> I noticed that qmail-scanner-queue refuses to run after the last debian
> perl update.  I tried to install the latest qmail-scanner, but
> unfortunately the ./configure fails reporting:
> 
> <snip>
> Testing suid nature of /usr/bin/suidperl...
> Whoa - broken perl install found.
> Cannot even run a simple script setuid
> 
> Installation of Qmail-Scanner FAILED
> 
> Error was:
> suidperl needs fd script
> <snip>
> 
> I verified that suidperl is indeed suid root.  Not sure what's going on.
> anyone have any ideas?
> 
> thanks,
> Dave
> -- 
> *******************************
> David Wilk
> System Administrator
> Community Internet Access, Inc.
myca@cia-g.com

Hi all,

this update fixes a security hole in suid-perl and now you cannot exec
it directly from /usr/bin/suidperl, u must call it from perl executable.
So to fix the problem with qmail-scanner u must edit the qmail-scanner's
configure script and replace suidperl with perl in the line where the
variable SUIDEPERL is defined (SUIDPERL="${SUIDPERL:-$dir/perl}").
That's the line 650 in qmail-scanner-1.21st.

This has fixed the problem for me.

Greetings

-- 
Carlos Solano Lisa
Reply to: