Dear all, http://www.debian.org/security/2004/dsa-431 says:
> ... an attacker could abuse suidperl to discover information about files > (such as testing for their existence and some of their permissions) that > should not be accessible to unprivileged users. > > For the current stable distribution (woody) this problem has been fixed > in version 5.6.1-8.6. Sorry, it is not fixed. As noted in http://bugs.debian.org/203426 : [EMAIL PROTECTED]:~$ dpkg -l perl-suid Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name Version Description +++-==============-==============-============================================ ii perl-suid 5.6.1-8.6 Runs setuid Perl scripts. [EMAIL PROTECTED]:~$ for file in nosuch file sfile; do > echo "[$file]" > /usr/bin/time -v suidperl /tmp/test/$file 2>&1 | grep Major > done [nosuch] Major (requiring I/O) page faults: 189 [file] Major (requiring I/O) page faults: 191 [sfile] Major (requiring I/O) page faults: 191 [EMAIL PROTECTED]:~$ As noted in that discussion, you cannot allow suidperl to open anything as root. Kindly use the patch I provided to swap UIDs before open; or better, the patch to open in perl then pass /dev/fd/XXX to suidperl; see also the patches I am "pushing" (and discussion) on perl5-porters@perl.org . Cheers, Paul Szabo - [EMAIL PROTECTED] http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia
