"Because of the buggy history of suidperl, and the difficulty of properly security auditing as large and complex piece of software as Perl, we cannot recommend using suidperl and the feature should be considered deprecated.
Instead use for example 'sudo': http://www.courtesan.com/sudo/";
Suidperl is dead. Let's let it die.
Which brings me to the point that running stuff setuid, especially scripts, is difficult for a reason -- people have been bitten time and time again.
You would never find a construction like this in, for example, OpenBSD, because it's inherently insecure, whether you've got the race condition bug or not.
Anyway, I'm not going to mess around with this anymore -- I'm using the C wrapper. The one comfort I can take from this discussion is that it will be archived, so that other people can be spared this grief.
-Stephen-
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
