Red Hat Bugzilla – Bug 112255
Missing package perl-suidperl in RHEL ES 3.0
Last modified: 2007-11-30 17:06:59 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Description of problem:
Package perl-suidperl is not present on the ISOs related to
RHEL ES 3.0.
This package was present in RedHat 7.3, 8 & 9.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install RedHat EL ES 3.0
1. Search for the RPMs on the ISO disks.
It is also missing on RH AS 3. If you grab the SRPM you can build the
RPM and install it.
We really need this on ES if we are to migrate from a mixture of BSD
and RH 7.3...
This will be critical for our migration from RH-8 and RH-9 to RHEL-ES.
Is there any chance the package will be added in RHEL 3.0?
I've compiled the source RPM wich gave me the perl-perlsuid package to
solve my problem for the moment but i like to have up2date/support for
Add me to the list of folks that needs this. C'mon guys, it's been 5
months since this bug was opened, is there anyone awake at Red Hat?
Some sort of response would be nice.
I'd like a perl-perlsuid RPM also.
I would also prefer that Red Hat add perl-suidperl to 3AS/3ES/3WS, to
save me the effort of having to build it myself.
Since we have a support contract with Red Hat, I used it to draw Red
Hat's attention to this bug.
Red Hat did not include perl-suidperl in RHEL 3 due to concerns over
security issues. There are currently no plans to add it back into the
distribution, one of the main reasons being that people who need
perl-suidperl can easily rebuild from the SRPM themselves.
In response to the comment from James Ralston, that is not a very
helpful attitude from RedHat. Perhaps we would be better building
everything we need from source, in which case why bother paying for
RHEL... RedHat really need to look to their customer base and start
providing what they want.
Ha! Very odd.
I too opened a Support Request with Red Hat and got told "Gee Whiz,
you should really put your request in the Bugzilla bug so our
engineers know that you need this package!" So, here we go:
Please put perl-suidperl back. I have lots of scripts that depend on
it and having to recompile perl just plain sucks. This is making
RHEL3 migration really really hard. Please include in Update-3 or sooner.
Also, RH Support mentioned Bugzilla
having more info about it being added back; however, this bug is not
availible for public review. My guess is it's the tracker for
I don't know--I think I have to side with Red Hat on this one.
They didn't remove perl-suidperl just to annoy us; they removed it
because they had specific security concerns with it. I think
defaulting to *not* putting questionably insecure packages in the
distro by default is a Good Thing.
Additionally, it's not like it's a hardship to build it yourself. Red
Hat didn't stop building perl-suidperl; they just don't include the
package. All you have to do to get is to download the SRPM and
rebuild it. Presto, you'll have the perl-suidperl package.
James, you're right. It's pretty easy to build perl-suidperl from
the SRPM. So how does omitting the binary help security? Anyone who
wanted to maliciously install the binary just has one new minor
All the omission accomplishes is frustrating normal users and costing
them time, with no payoff in security.
Is Red Hat ever going to comment on this issue? Donald Fischer?
This package was added in RHEL 3 U3. Closing as CURRENTRELEASE.