XP is just a number | |
PerlMonks |
Re^2: Changing effecive user idby astroboy (Chaplain) |
on Aug 27, 2009 at 04:51 UTC ( [id://791526]=note: print w/replies, xml ) | Need Help?? |
Thanks. Ok - I added perl-suid to the vendor (Redhat/CentOS) Perl and it now works. However, I still need to get it working with my hand-compiled Perl According to perlsec: In recent years, vendors have begun to supply systems free of this inherent security bug. On such systems, when the kernel passes the name of the set-id script to open to the interpreter, rather than using a pathname subject to meddling, it instead passes /dev/fd/3. This is a special file already opened on the script, so that there can be no race condition for evil scripts to exploit. On these systems, Perl should be compiled with -DSETUID_SCRIPTS_ARE_SECURE_NOW . The Configure program that builds Perl tries to figure this out for itself, so you should never have to specify this yourself. So I'm guessing RHEL/CentOS 5.3 doesn't support this. But your reply got me wondering whether I should be adding suid perl to my build. The perl 5.10.0 INSTALL file doesn't mention it, other than it will be deprecated in favour of the SETUID_SCRIPTS_ARE_SECURE_NOW option that doesn't seem to be working for me. So it seems I should revert to suidperl. I couldn't see any instructions on how to do this in the INSTALL file. This didn't work for me:
suidperl got created in the build directory, but the install didn't seem to do anything with it... Cheers
In Section
Seekers of Perl Wisdom
|
|