Fri Oct 29 09:36:39 2010: Request 62552 was acted upon.
Transaction: Correspondence added by RSCHUPP
       Queue: PAR-Packer
     Subject: disabling taint mode (or: passing options from PERLRUN(1))
   Broken in: (no value)
    Severity: Wishlist
       Owner: Nobody
  Requestors: bitc...@post2.25u.com
      Status: new
 Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=62552 >
On 2010-10-29 06:47:11, arost wrote:
> I have a pp'ed binary (on Linux) which is suid root.

Don't do that. PAR::Packer is _not_ audited not to introduce security leaks in packed binaries. Even if your script itself were (i.e. would run under -T or as a setuid _script_). Judging from the Perlmonks article, you haven't even done that:

> * and reviewing about 50 KLOC for securing a script on a system where everyone has root access anyway doesn't look like a rewarding activity.

So don't expect us to do the same job for PAR::Packer.

> * the script is used on systems where every user has root access

Oh boy :(

If that's really the case, I suggest you simply don't make the binary setuid, but run it under sudo instead.

Cheers, Roderich