Bug 104906

Summary: perl-5.6.1-36.1.73 requires perl-suidperl - why now?
Product: [Retired] Red Hat Linux Reporter: Peter Bieringer <pb>
Component: perlAssignee: Chip Turner <cturner>
Status: CLOSED CURRENTRELEASE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: jw35
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-01-05 09:33:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Peter Bieringer 2003-09-23 14:10:40 UTC 
Description of problem:
Newest perl package (RHSA-2003:256-01) requires perl-suidperl installed.
Why? 


Version-Release number of selected component (if applicable):
perl-5.6.1-36.1.73

How reproducible:
Always

Steps to Reproduce:
1. rpm -Fhv ... without preinstallation of perl-suidperl
2.
3.
    

Actual Results:  Requires perl-suidperl

Expected Results:  Not requires perl-suidperl like older version does (e.g.
perl-5.6.1-34.99.6)

Additional info:

To lower down the number of suid-root programs on a system is always good for
security.

# rpm -ql -v perl-suidperl
-rws--x--x    1 root    root           808526 Aug 18 22:12 /usr/bin/sperl5.6.1
-rws--x--x    1 root    root           808526 Aug 18 22:12 /usr/bin/suidperl
Comment 1 Peter Bieringer 2003-09-23 14:18:05 UTC 
And also not so funny: on RHL 7.2 a clean update isn't possible, because no
perl-suidperl package exists:

# rpm -Fhv updates/7.2/en/os/i386/perl-*
error: failed dependencies:
        perl-suidperl is needed by perl-5.6.1-36.1.72

# rpm -ihv updates/7.2/en/os/i386/perl-suidperl-5.6.1-36.1.72.i386.rpm
Preparing...                ########################################### [100%]
file /usr/bin/sperl5.6.1 from install of perl-suidperl-5.6.1-36.1.72 conflicts
with file from package perl-5.6.1-26.72.3
file /usr/bin/suidperl from install of perl-suidperl-5.6.1-36.1.72 conflicts
with file from package perl-5.6.1-26.72.3


Hmm, how to combine -ihv and -Fhv in one step...have to use --nodeps for now I
think.
Comment 2 Peter Bieringer 2003-09-23 14:28:33 UTC 
Next info: on RHL 9, no such requirement exists (perl-5.8.0-88.3), also not on
RHL 8.0 (same perl-5.8.0-88.3)
Comment 3 Pavel Kankovsky 2003-09-25 09:30:42 UTC 
Please note perl-suidperl is not the only odd dependency that has appeared in
the new version of perl package:

$ rpm -q --requires perl
perl-CPAN  
perl-CGI  
perl-DB_File  
perl-NDBM_File  
perl-suidperl  
...

Neither of them was there before and neither of them makes much sense imho.