[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: new suid-perl debian security update breaks qmail-scanner!

People,
I found this in the archive and am experiencing the same problem.
I have replaced the line SUIDPERL="${SUIDPERL:-$dir/suidperl}" with SUIDPERL="${SUIDPERL:-$dir/perl}on line 754 of the ./configure script (qmail-scanner 1.25), but I still keep on getting the error as described below. I am running Sarge with perl-suid 5.8.4-8. How can I fix this because I am stuck :( 

Thanks
-Patrick


I did just this (except the 'SUIDPERL="${SUIDPERL:-$dir/perl}"' line was
on line 500) and now it's working perfectly.  thanks for the post!  you
really saved my day.

thanks,
Dave

On Mon, Apr 19, 2004 at 08:08:36PM +0200 or thereabouts, Debian wrote:

El lun, 19-04-2004 a las 19:58, David Wilk escribi?:
> Howdy,
> > I noticed that qmail-scanner-queue refuses to run after the last debian 
> perl update.  I tried to install the latest qmail-scanner, but
> unfortunately the ./configure fails reporting:
> > <snip> 
> Testing suid nature of /usr/bin/suidperl...
> Whoa - broken perl install found.
> Cannot even run a simple script setuid
> > Installation of Qmail-Scanner FAILED > > Error was: 
> suidperl needs fd script
> <snip>
> > I verified that suidperl is indeed suid root. Not sure what's going on. 
> anyone have any ideas?
> > thanks, 
> Dave
> -- > ******************************* 
> David Wilk
> System Administrator
> Community Internet Access, Inc.
myca@cia-g.com

Hi all,

this update fixes a security hole in suid-perl and now you cannot exec
it directly from /usr/bin/suidperl, u must call it from perl executable.
So to fix the problem with qmail-scanner u must edit the qmail-scanner's
configure script and replace suidperl with perl in the line where the
variable SUIDEPERL is defined (SUIDPERL="${SUIDPERL:-$dir/perl}").
That's the line 650 in qmail-scanner-1.21st.

This has fixed the problem for me.

Greetings

--
Carlos Solano Lisa
Reply to: