Re: Bug#220486: Acknowledgement (perl-suid: suidperl security)

To: Paul Szabo <psz@maths.usyd.edu.au>
Cc: 220486@bugs.debian.org, debian-release@lists.debian.org, perl@packages.debian.org, team@security.debian.org
Subject: Re: Bug#220486: Acknowledgement (perl-suid: suidperl security)
From: Matt Zimmerman <mdz@debian.org>
Date: Mon, 16 Feb 2004 17:05:06 -0800
Message-id: <20040217010506.GB12277@alcor.net>
Mail-followup-to: Paul Szabo <psz@maths.usyd.edu.au>, 220486@bugs.debian.org, debian-release@lists.debian.org, perl@packages.debian.org, team@security.debian.org
In-reply-to: <200402170050.i1H0oXC60391@milan.maths.usyd.edu.au>
References: <200402170050.i1H0oXC60391@milan.maths.usyd.edu.au>

On Tue, Feb 17, 2004 at 11:50:33AM +1100, Paul Szabo wrote:

> As noted in that discussion, you cannot allow suidperl to open anything as
> root. Kindly use the patch I provided to swap UIDs before open; or better,
> the patch to open in perl then pass /dev/fd/XXX to suidperl; see also the
> patches I am "pushing" (and discussion) on perl5-porters@perl.org .

I cannot follow the discussion; this update had been pending for some time
and had to be released in its current state (which is no worse).  Once you
and upstream have come to an agreement about a permanent and proper fix, by
all means forward it on to us.

-- 
 - mdz

Reply to:

References:
- Re: Bug#220486: Acknowledgement (perl-suid: suidperl security)
  - From: psz@maths.usyd.edu.au (Paul Szabo)

Prev by Date: Re: Bug#220486: Acknowledgement (perl-suid: suidperl security)
Next by Date: Re: Bug#220486: Acknowledgement (perl-suid: suidperl security)
Previous by thread: Re: Bug#220486: Acknowledgement (perl-suid: suidperl security)
Next by thread: Re: Bug#220486: Acknowledgement (perl-suid: suidperl security)
Index(es):
- Date
- Thread