Your message dated Mon, 2 May 2011 11:09:09 +0100
with message-id <[email protected]>
and subject line perl-suid has been removed from Debian
has caused the Debian Bug report #50151,
regarding [5.6.1] suidperl doesn't check module permissions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
50151: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=50151
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: perl-5.005
Version: 5.005.03-4
Severity: grave
Hello!
I'm writing a suid perl script and I found that suidperl complains about the
script being world writeable, but allows it to use() world-writeable perl
modules (.pm).
While this is handy for me now, so that I can do programming without becoming
root, this could be a security hole, since perl modules contain arbitrary code
to be executed.
I agree that it's up to the system administrator to use precautions with suid
scripts, but this is not consistent with it complaining for the world-writeable
script itself. One could also argue that the system administrator shouldn't
have to do dependency investigations on its scripts to find out which modules
they do include and what their permissions are.
Read you soon, Enrico
-- System Information
Debian Release: potato
Kernel Version: Linux marvin 2.2.13 #7 Tue Nov 9 00:53:08 CET 1999 i586 unknown
Versions of the packages perl-5.005 depends on:
ii perl-5.005-base 5.005.03-4 The Pathologically Eclectic Rubbish Lister
ii perl-base 5.004.05-1 Fake package assuring that one of the -base
ii perl-5.005-base 5.005.03-4 The Pathologically Eclectic Rubbish Lister
^^^ (Provides virtual package perl5-base)
--- End Message ---
--- Begin Message ---
Hi,
I'm closing these two bugs in perl-suid, since this package has been
removed from Debian (and upstream) with 5.12.
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
--- End Message ---
