This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 112255 - Missing package perl-suidperl in RHEL ES 3.0
Missing package perl-suidperl in RHEL ES 3.0
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: distribution (Show other bugs)
3.0
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: dff
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-12-16 13:54 EST by Marc Beauregard
Modified: 2007-11-30 17:06 EST (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-15 11:46:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Marc Beauregard 2003-12-16 13:54:58 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Description of problem:
Package perl-suidperl is not present on the ISOs related to
RHEL ES 3.0.
This package was present in RedHat 7.3, 8 & 9. 


Version-Release number of selected component (if applicable):
I wish

How reproducible:
Always

Steps to Reproduce:
1. Install RedHat EL ES 3.0
or 
1. Search for the RPMs on the ISO disks.

    

Additional info:
Comment 1 Jeff Minelli 2004-01-14 13:34:52 EST
It is also missing on RH AS 3. If you grab the SRPM you can build the
RPM and install it.
Comment 2 Network Operations 2004-01-29 04:13:38 EST
We really need this on ES if we are to migrate from a mixture of BSD 
and RH 7.3...
Comment 3 Marshall Kennard 2004-02-19 11:35:51 EST
This will be critical for our migration from RH-8 and RH-9 to RHEL-ES.
Comment 4 Martin Roest 2004-03-04 10:42:05 EST
Is there any chance the package will be added in RHEL 3.0?
I've compiled the source RPM wich gave me the perl-perlsuid package to
solve my problem for the moment but i like to have up2date/support for
the package
Comment 5 Michael Sims 2004-05-14 16:08:21 EDT
Add me to the list of folks that needs this.  C'mon guys, it's been 5
months since this bug was opened, is there anyone awake at Red Hat? 
Some sort of response would be nice.
Comment 6 Liudvikas Bukys 2004-05-21 14:55:25 EDT
I'd like a perl-perlsuid RPM also.
Comment 7 James Ralston 2004-05-28 17:03:13 EDT
I would also prefer that Red Hat add perl-suidperl to 3AS/3ES/3WS, to
save me the effort of having to build it myself.
Comment 8 James Ralston 2004-06-09 14:27:00 EDT
Since we have a support contract with Red Hat, I used it to draw Red
Hat's attention to this bug.

Red Hat did not include perl-suidperl in RHEL 3 due to concerns over
security issues.  There are currently no plans to add it back into the
distribution, one of the main reasons being that people who need
perl-suidperl can easily rebuild from the SRPM themselves.
Comment 9 Network Operations 2004-06-10 06:16:31 EDT
In response to the comment from James Ralston, that is not a very 
helpful attitude from RedHat. Perhaps we would be better building 
everything we need from source, in which case why bother paying for 
RHEL... RedHat really need to look to their customer base and start 
providing what they want.
Comment 10 nathan r. hruby 2004-06-14 10:30:51 EDT
Ha!  Very odd.  

I too opened a Support Request with Red Hat and got told "Gee Whiz,
you should really put your request in the Bugzilla bug so our
engineers know that you need this package!"  So, here we go:

--- REQUEST
Please put perl-suidperl back.  I have lots of scripts that depend on
it and having to recompile perl just plain sucks.  This is making
RHEL3 migration really really hard.  Please include in Update-3 or sooner.
--- REQUEST

Also, RH Support mentioned Bugzilla
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=122543
having more info about it being added back; however, this bug is not
availible for public review.  My guess is it's the tracker for
packages-to-be?

Argh.
Comment 11 James Ralston 2004-06-25 20:37:13 EDT
I don't know--I think I have to side with Red Hat on this one.

They didn't remove perl-suidperl just to annoy us; they removed it
because they had specific security concerns with it.  I think
defaulting to *not* putting questionably insecure packages in the
distro by default is a Good Thing.

Additionally, it's not like it's a hardship to build it yourself.  Red
Hat didn't stop building perl-suidperl; they just don't include the
package.  All you have to do to get is to download the SRPM and
rebuild it.  Presto, you'll have the perl-suidperl package.
Comment 12 Turadg Aleahmad 2004-07-08 18:56:45 EDT
James, you're right.  It's pretty easy to build perl-suidperl from 
the SRPM.  So how does omitting the binary help security?  Anyone who 
wanted to maliciously install the binary just has one new minor 
hurdle (rpmbuild).

All the omission accomplishes is frustrating normal users and costing 
them time, with no payoff in security.

Is Red Hat ever going to comment on this issue?  Donald Fischer?
Comment 13 Tom "spot" Callaway 2004-10-15 11:46:11 EDT
This package was added in RHEL 3 U3. Closing as CURRENTRELEASE.

Note You need to log in before you can comment on or make changes to this bug.