Bug 611009

Summary: BackupPC uses perl-suidperl
Product: [Fedora] Fedora
Component: BackupPC
Version: 14
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: high
Priority: low
Reporter: Ralf Corsepius <rc040203>
Assignee: Johan Cwiklinski <fedora>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: fedora, iarnell, jlaska, mmaslano, robatino
Fixed In Version: BackupPC-3.1.0-15.fc14
Doc Type: Bug Fix
Last Closed: 2010-08-03 02:20:03 UTC
Bug Blocks: 620623

Description Ralf Corsepius 2010-07-03 05:12:38 UTC
Description of problem:
The release of perl in rawhide does not support perl-suidperl.

BackupPC is the last remaining package which requires perl-suidperl.
It therefore shows up as a package with broken deps in rawhide package deps reports, e.g.

i.e. this package is not installable under rawhide

Version-Release number of selected component (if applicable):

Additional info:
This package will have to be removed from Fedora >=14, should this issue not be resolved.

Comment 1 Iain Arnell 2010-07-03 06:24:49 UTC
One simple option would be to create a C wrapper for BackupPC_Admin script and make that setuid instead of the script itself.

See http://perldoc.perl.org/perlsec.html#Security-Bugs for more details.

Comment 3 Iain Arnell 2010-07-03 09:04:15 UTC
There's also a debian bug about the same issue, but little progress.


Using a C wrapper is really quite simple. Move the existing BackupPC_Admin script to BackupPC_Admin.pl, compile the wrapper and install as /usr/share/BackupPC/sbin/BackupPC_Admin with permissions 4755.

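#include <unistd.h>
#ifndef REAL_PATH
#define REAL_PATH "/usr/share/BackupPC/sbin/BackupPC_Admin.pl"
#endif
int main(int ac, char **av)
{
    (void)ac;
    /* Replace this process with the real script, passing the arguments through. */
    execv(REAL_PATH, av);
    return 1; /* only reached if execv() fails */
}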

Comment 4 Johan Cwiklinski 2010-07-03 09:21:05 UTC
Thanks for the tip Iain :)

I will probably use that to fix the current issue (I really do not want to see BackupPC disappear from repositories).

I won't have time for that until next week (I'm very overbooked this week); I hope to have some advice from upstream by then.

Comment 5 Johan Cwiklinski 2010-07-03 20:34:55 UTC
Someone on the BackupPC users mailing list told me I can use the apache suid mechanism (http://sourceforge.net/mailarchive/forum.php?thread_name=4C2F62D4.3010702%40gmail.com&forum_name=backuppc-users).

What do you think about this solution?

Comment 6 Iain Arnell 2010-07-04 06:39:47 UTC
Unfortunately, I don't think you'll be able to use apache's suexec mechanism. It's configured at compile time to only execute programs that live under /var/www (and packaging guidelines forbid packages from installing anything under /var/www), and to only execute programs as a user with uid >= 500 and gid >= 100.

Comment 7 Bug Zapper 2010-07-30 12:25:02 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle.
Changing version to '14'.

More information and reason for this action is here:

Comment 8 Fedora Update System 2010-07-31 20:44:59 UTC
BackupPC-3.1.0-15.fc14 has been submitted as an update for Fedora 14.

Comment 9 Fedora Update System 2010-08-01 19:27:38 UTC
BackupPC-3.1.0-15.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
 su -c 'yum --enablerepo=updates-testing update BackupPC'.
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/BackupPC-3.1.0-15.fc14

Comment 10 Fedora Update System 2010-08-03 02:19:59 UTC
BackupPC-3.1.0-15.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.