[EMAIL PROTECTED] (Wichert Akkerman) wrote on 31.01.99 in <[EMAIL PROTECTED]>:
> Previously Michael Stone wrote: > > > perl-suid 31904 [EMAIL PROTECTED]: Secuity hole with pe= > rl (suidperl) and nosuid mounts on Linux] [13] (Darren Stalder <[EMAIL > PROTECTED] .com>> ) > >=20 > > I'm not sure there's much we can do about this one--it's a library (kerne= > l?) > > problem. Perhaps a note in the postinst that the 'nosuid' mount option wo= > n't > > work, and a suggestion that care be taken with user-mountable media? > > What perl-suid should do is check the mountoptions for the filesystem on > which the script resides and abort if that was mounted with nosuid. > Should be quite simple actually.. That is more than a little gross. I'm not convinced that that solution doesn't do more harm than the problem it is trying to fix. MfG Kai
