CAN-2003-0618 was reported 2003Jul29 to Debian. You can test for the existance of files even if you don't have permission to do so by using the suidperl command. $ su # mkdir ~root/delme; chmod 700 ~root/delme;touch ~root/delme/1 # exit $ suidperl ~root/delme/1 Script is not setuid/setgid in suidperl $ suidperl ~root/delme/2 Can't open perl script "/root/delme/2": No such file ... http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=220486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203426 Affects: 9 Debian released an errata for this issue in Feb 2004.
Does this issue affect FC 1 as well?
The answer to my own question is yes. This still affects perl-suidperl-5.8.3-16. Will we see a RHL 9 erratum before its EOL?
Discussion over the proposed patch reached the conclusion that the patch wasn't the right one to solve this issue without side-effects. In fact Debian recently reissued their packages with an altered fix. Given the low risk of this issue I feel it unlikely that we will errata this for RHL9.