Bug 116191 - No setuid perl script support
Status: CLOSED NEXTRELEASE
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: perl
Version: 3.0
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Chip Turner
Reported: 2004-02-18 16:02 EST by Chris Adams
Modified: 2007-11-30 17:07 EST (History)

Doc Type: Bug Fix
Last Closed: 2004-07-22 17:18:26 EDT


Description Chris Adams 2004-02-18 16:02:17 EST
The perl-5.8.0-88.4 SRPM from RHEL3 builds perl with setuid script
support, but then the built perl-suidperl RPM is not included.  So,
setuid perl scripts are broken, and (since perl thinks they should
work) the error message is less than obvious about what is wrong.

There are several solutions:

1. Stop building with setuid script support.  This sucks, because I
have (carefully written) scripts in place that use perl's setuid
support.  There is no easy replacement, except to go write a bunch of
C wrappers (which would probably be less secure, as it is easy to make
mistakes doing that).

2. Include the perl-suidperl RPM.  Is there a reason why this isn't
there now?

3. Change the Linux kernel to support secure setuid scripts.  This
would be the ideal fix, as more than just perl would benefit.  I see
that this topic comes up every once in a while, and one argument
against the kernel doing it is "well, the only safe setuid script
language is perl, and it does it itself already" (which is now not the
case under RHEL3).  It seems to me that this is a case of the kernel
enforcing policy, which seems to be opposite to the standard Linux way.
Comment 1 Geoffrey D. Bennett 2004-02-26 02:09:50 EST
I think it was intended to be in there but just got lost on its way:

# rpm --redhatprovides /usr/bin/suidperl
perl-suidperl-5.8.0-88.4
# up2date perl-suidperl
The following packages you requested were not found:
perl-suidperl
Comment 2 Martin Roest 2004-03-04 10:37:08 EST
Isn't this a duplicate of bug 112255?
Comment 3 Chris Adams 2004-03-04 10:40:34 EST
More or less - I missed it because I looked for bugs against "perl"
instead of "distribution".

I still think the ideal solution would be to change the kernel to
handle setuid scripts.  It isn't a big change (and then there'd be no
need for sperl).
Comment 4 Milan Kerslager 2004-04-14 05:20:49 EDT
Scripts using various unsafe programs that are not intended to run
SUID root at least. So I don't believe that there will be a kernel
with scripts SUID bit support.
Comment 5 Leonard den Ottolander 2004-04-21 13:33:54 EDT
Is there any need to keep this report open, or can it be closed as a
duplicate of bug 112255?
Comment 6 Chris Adams 2004-07-22 17:18:26 EDT
I see that perl-suidperl is in the update 3 beta.  Thanks.
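
An added example, not part of the original report or of Red Hat's packaging: a POSIX shell audit that lists setuid files whose interpreter line names perl and reports whether the suidperl helper is installed, so the breakage described above is visible before a script fails. The helper path /usr/bin/suidperl is taken from comment 1; the function names and the SUIDPERL override variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): audit for setuid Perl scripts.
# Assumption: the helper lives at /usr/bin/suidperl, the path shown in
# comment 1; override with SUIDPERL=... on other layouts.
SUIDPERL="${SUIDPERL:-/usr/bin/suidperl}"

# is_perl_script FILE: true if the first line is a #! line naming perl.
is_perl_script() {
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\000') || return 1
    case "$first" in
        '#!'*perl*) return 0 ;;
        *) return 1 ;;
    esac
}

# find_setuid_perl DIR...: print setuid regular files under DIR that are
# Perl scripts. Unreadable paths are skipped silently.
find_setuid_perl() {
    find "$@" -xdev -type f -perm -4000 -print 2>/dev/null |
    while IFS= read -r f; do
        if is_perl_script "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# audit DIR...: list each script with the helper's state. Returns 1 when
# scripts exist but the helper is not executable, 0 otherwise.
audit() {
    scripts=$(find_setuid_perl "$@")
    if [ -z "$scripts" ]; then
        echo "no setuid perl scripts found"
        return 0
    fi
    if [ -x "$SUIDPERL" ]; then
        state=present; ret=0
    else
        state=MISSING; ret=1
    fi
    printf '%s\n' "$scripts" | while IFS= read -r s; do
        printf '%s\thelper %s: %s\n' "$s" "$SUIDPERL" "$state"
    done
    return "$ret"
}

# Run only when directories are given, e.g.: sh audit.sh /usr/local/bin
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```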
