Bug 104906 - perl-5.6.1-36.1.73 requires perl-suidperl - why now?
Summary: perl-5.6.1-36.1.73 requires perl-suidperl - why now?
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: perl (Show other bugs)
(Show other bugs)
Version: 7.3
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Chip Turner
QA Contact: David Lawrence
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-09-23 14:10 UTC by Peter Bieringer
Modified: 2007-04-18 16:57 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-01-05 09:33:24 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Peter Bieringer 2003-09-23 14:10:40 UTC
Description of problem:
Newest perl package (RHSA-2003:256-01) requires perl-suidperl installed.
Why? 


Version-Release number of selected component (if applicable):
perl-5.6.1-36.1.73

How reproducible:
Always

Steps to Reproduce:
1. rpm -Fhv ... without preinstallation of perl-suidperl
2.
3.
    

Actual Results:  Requires perl-suidperl

Expected Results:  Not requires perl-suidperl like older version does (e.g.
perl-5.6.1-34.99.6)

Additional info:

To lower down the number of suid-root programs on a system is always good for
security.

# rpm -ql -v perl-suidperl
-rws--x--x    1 root    root           808526 Aug 18 22:12 /usr/bin/sperl5.6.1
-rws--x--x    1 root    root           808526 Aug 18 22:12 /usr/bin/suidperl

Comment 1 Peter Bieringer 2003-09-23 14:18:05 UTC
And also not so funny: on RHL 7.2 a clean update isn't possible, because no
perl-suidperl package exists:

# rpm -Fhv updates/7.2/en/os/i386/perl-*
error: failed dependencies:
        perl-suidperl is needed by perl-5.6.1-36.1.72

# rpm -ihv updates/7.2/en/os/i386/perl-suidperl-5.6.1-36.1.72.i386.rpm
Preparing...                ########################################### [100%]
file /usr/bin/sperl5.6.1 from install of perl-suidperl-5.6.1-36.1.72 conflicts
with file from package perl-5.6.1-26.72.3
file /usr/bin/suidperl from install of perl-suidperl-5.6.1-36.1.72 conflicts
with file from package perl-5.6.1-26.72.3


Hmm, how to combine -ihv and -Fhv in one step...have to use --nodeps for now I
think.

Comment 2 Peter Bieringer 2003-09-23 14:28:33 UTC
Next info: on RHL 9, no such requirement exists (perl-5.8.0-88.3), also not on
RHL 8.0 (same perl-5.8.0-88.3)

Comment 3 Pavel Kankovsky 2003-09-25 09:30:42 UTC
Please note perl-suidperl is not the only odd dependency that has appeared in
the new version of perl package:

$ rpm -q --requires perl
perl-CPAN  
perl-CGI  
perl-DB_File  
perl-NDBM_File  
perl-suidperl  
...

Neither of them was there before and neither of them makes much sense imho.



Note You need to log in before you can comment on or make changes to this bug.