Fri Oct 29 09:36:39 2010: Request 62552 was acted upon.
Transaction: Correspondence added by RSCHUPP
       Queue: PAR-Packer
     Subject: disabling taint mode (or: passing options from PERLRUN(1))
   Broken in: (no value)
    Severity: Wishlist
       Owner: Nobody
  Requestors: bitc...@post2.25u.com
      Status: new
 Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=62552 >


On 2010-10-29 06:47:11, arost wrote:
> I have a pp'ed binary (on Linux) which is suid root.

Don't do that. PAR::Packer is _not_ audited not to introduce
security leaks in packed binaries. Even if your script
itself were (i.e. would run under -T or as a setuid _script_). 
Judging from the Perlmonks article, you haven't even done that:

>    * and reviewing about 50 KLOC for securing a script on a system
> where everyone has root access anyway doesn't look like a rewarding
> activity.

So don't expect us to do the same job for PAR::Packer.

>    * the script is used on systems where every user has root access

Oh boy :(  If that's really the case, I suggest you simply 
don't make the binary setuid, but run it under sudo instead.

Cheers, Roderich
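The remediation Roderich suggests (drop the setuid bit, delegate through sudo instead) as an added POSIX sh example; this is not part of the ticket or of PAR::Packer. It assumes a hypothetical `%wheel` group as the sudoers principal and is meant to be run by an administrator auditing a directory of installed tools.

```shell
#!/bin/sh
# Added example (not from the ticket): audit a directory for setuid files and
# apply the reply's recommendation, i.e. clear the setuid bit and grant the
# same access explicitly through sudoers instead.

# is_setuid FILE -> exit 0 if FILE has the setuid bit set
is_setuid() {
    [ -u "$1" ]
}

# setuid_files DIR -> list regular files under DIR that carry the setuid bit
setuid_files() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# drop_setuid FILE -> clear the setuid bit on FILE and print the sudoers line
# that grants the same privilege explicitly. '%wheel' is an assumed group;
# substitute the group that should be allowed to run the tool as root.
drop_setuid() {
    chmod u-s "$1"
    printf '%%wheel ALL=(root) %s\n' "$1"
}

# audit_dir DIR -> for every setuid file under DIR, drop the bit and print the
# sudoers line to add (e.g. via visudo -f /etc/sudoers.d/packed-tools)
audit_dir() {
    setuid_files "$1" | while IFS= read -r f; do
        drop_setuid "$f"
    done
}

# Usage: sh audit_setuid.sh /usr/local/bin
[ $# -eq 1 ] && audit_dir "$1"
```

The sudoers line names the exact binary, so the privilege is limited to that one command and is logged by sudo, which is what the setuid bit on a pp'ed binary cannot give you.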