Bug 611009 - BackupPC uses perl-suidperl
Summary: BackupPC uses perl-suidperl
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: BackupPC
Version: 14
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Johan Cwiklinski
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 620623
Reported: 2010-07-03 05:12 UTC by Ralf Corsepius
Modified: 2010-08-04 16:41 UTC

Fixed In Version: BackupPC-3.1.0-15.fc14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-08-03 02:20:03 UTC
Type: ---
Embargoed:


Description Ralf Corsepius 2010-07-03 05:12:38 UTC
Description of problem:
The release of perl in rawhide does not support perl-suidperl.

BackupPC is the last remaining package which requires perl-suidperl.
It therefore shows up as a package with broken deps in rawhide package deps reports, e.g.
http://lists.fedoraproject.org/pipermail/devel/2010-July/138206.html

i.e. this package is not installable under rawhide


Version-Release number of selected component (if applicable):
BackupPC-0:3.1.0-14.fc14

Additional info:
This package will have to be removed from Fedora >=14, should this issue not be resolved.

Comment 1 Iain Arnell 2010-07-03 06:24:49 UTC
One simple option would be to create a C wrapper for BackupPC_Admin script and make that setuid instead of the script itself.

See http://perldoc.perl.org/perlsec.html#Security-Bugs for more details.

Comment 3 Iain Arnell 2010-07-03 09:04:15 UTC
There's also a debian bug about the same issue, but little progress.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581950

Using a C wrapper is really quite simple. Move the existing BackupPC_Admin script to BackupPC_Admin.pl, compile the wrapper and install as /usr/share/BackupPC/sbin/BackupPC_Admin with permissions 4755.

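#include <stdio.h>
#include <unistd.h>

#ifndef REAL_PATH
#define REAL_PATH "/usr/share/BackupPC/sbin/BackupPC_Admin.pl"
#endif

int main(int argc, char **argv)
{
    (void)argc;
    /* Run the real Perl script with the wrapper's setuid privileges. */
    execv(REAL_PATH, argv);
    /* execv() only returns on failure. */
    perror("execv");
    return 1;
}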
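
Added example (not part of the comment above and not the code shipped in the Fedora package): a variant of the wrapper that hands the script an allowlisted environment instead of the caller's. The prefix list, MAX_ENV and the pinned PATH value are assumptions for a CGI deployment and need adjusting to the web server in use.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef REAL_PATH
#define REAL_PATH "/usr/share/BackupPC/sbin/BackupPC_Admin.pl"
#endif
#define MAX_ENV 128   /* assumed cap; entries beyond it are dropped */

extern char **environ;

/* Assumption: name prefixes of the CGI variables the script needs. */
static const char *const allowed_prefixes[] = {
    "REQUEST_", "QUERY_STRING=", "CONTENT_", "HTTP_", "REMOTE_", "AUTH_TYPE=",
    "SERVER_", "SCRIPT_", "PATH_INFO=", "GATEWAY_INTERFACE=", "HTTPS=", NULL
};
/* Fixed search path, so the caller's PATH never reaches the script. */
static char safe_path[] = "PATH=/usr/bin:/bin";

/* Return 1 if the "NAME=value" entry may be passed to the setuid script. */
int env_allowed(const char *entry)
{
    for (size_t i = 0; allowed_prefixes[i] != NULL; i++)
        if (strncmp(entry, allowed_prefixes[i], strlen(allowed_prefixes[i])) == 0)
            return 1;
    return 0;
}

/* Fill dst (capacity cap >= 2) with safe_path plus allowed entries of src. */
size_t filter_env(char *const src[], char *dst[], size_t cap)
{
    size_t n = 0;
    dst[n++] = safe_path;
    for (size_t i = 0; src[i] != NULL && n + 1 < cap; i++)
        if (env_allowed(src[i]))
            dst[n++] = src[i];
    dst[n] = NULL;
    return n;
}

int main(int argc, char **argv)
{
    char *clean[MAX_ENV];
    (void)argc;
    filter_env(environ, clean, MAX_ENV);
    execve(REAL_PATH, argv, clean);   /* only returns on failure */
    perror("execve");
    return 1;
}
```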

Comment 4 Johan Cwiklinski 2010-07-03 09:21:05 UTC
Thanks for the tip, Iain :)

I will probably use that to fix the current issue (I really do not want to see BackupPC disappear from repositories).

I won't have time for that until next week (I'm very overbooked this week); I hope to have some advice from upstream by then.

Comment 5 Johan Cwiklinski 2010-07-03 20:34:55 UTC
Someone on the BackupPC users mailing list told me I can use the Apache suid mechanism (http://sourceforge.net/mailarchive/forum.php?thread_name=4C2F62D4.3010702%40gmail.com&forum_name=backuppc-users).

What do you think about this solution?

Comment 6 Iain Arnell 2010-07-04 06:39:47 UTC
Unfortunately, I don't think you'll be able to use apache's suexec mechanism. It's configured at compile time to only execute programs that live under /var/www (and the packaging guidelines forbid packages from installing anything under /var/www), and to only execute programs as a user with uid >= 500 and gid >= 100.

Comment 7 Bug Zapper 2010-07-30 12:25:02 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle.
Changing version to '14'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 8 Fedora Update System 2010-07-31 20:44:59 UTC
BackupPC-3.1.0-15.fc14 has been submitted as an update for Fedora 14.
http://admin.fedoraproject.org/updates/BackupPC-3.1.0-15.fc14

Comment 9 Fedora Update System 2010-08-01 19:27:38 UTC
BackupPC-3.1.0-15.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update BackupPC'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/BackupPC-3.1.0-15.fc14

Comment 10 Fedora Update System 2010-08-03 02:19:59 UTC
BackupPC-3.1.0-15.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

