Bug 15856 - RFE: suidperl split to a subpackage
Product: Red Hat Linux
Classification: Retired
Component: perl
i386 Linux
medium Severity medium
Assigned To: Chip Turner
: Security
Reported: 2000-08-09 13:11 EDT by Pekka Savola
Modified: 2008-05-01 11:37 EDT
Doc Type: Bug Fix
Last Closed: 2001-12-13 16:14:48 EST

Description Pekka Savola 2000-08-09 13:11:05 EDT
In view of the latest suidperl exploit and the fact that
suidperl is used only in very rare circumstances (not by
Red Hat RPMS at least :), it'd be a good idea to split it to
a subpackage which wouldn't be installed by default.
Comment 1 Bill Nottingham 2000-08-09 13:39:15 EDT
Or just remove it completely. :)
Comment 2 Chris Evans 2000-08-11 08:39:00 EDT
How about putting the new suidperl package on Powertools so that an install of "everything" in the standard distro has one less maniac suid-root program?
P.S. to be awkward, severity -> security :-)
P.P.S. Speaking of maniac suid-root programs why is procmail suid-root?
Comment 3 Bill Nottingham 2000-08-11 09:59:28 EDT
procmail is setuid root to do mail delivery.

Putting sperl in powertools is complex merely due to our
build process (having one source RPM make package X for
the main distro and package Y from the powertools is not
really supported at the moment.)
Comment 4 Pekka Savola 2000-12-18 12:35:16 EST
I think this should now be taken to reconsideration :-)

The most difficult change would be listing all bindir filenames in 
the spec file instead of %{_bindir}/*.

No need to even add perl-suidperl to RedHat/base/comps ;-)
Comment 5 Christian Rose 2001-01-17 06:25:44 EST
I believe Debian has a separate "perl-suid" package.
I agree that splitting suidperl in a separate package, not installed by default,
is the only sane thing to do, besides not shipping it at all, which of course
also is a solution.
Comment 6 Chris Evans 2001-02-11 19:27:36 EST
This bug would be a good one to re-visit for RH7.1 final.
Here is the rationale:
- 7.1 beta-3 is looking _very_ secure, so eliminating some
of the bigger suid-root stuff is likely to be a big win.
- Hardly anyone uses suid-perl.

Perhaps the following way of proceeding would keep most
people happy:
- Split suid-perl into a sub-package
- Keep it in the main distro
- Only install it if explicitly selected in the installer
- i.e. it's one of the magic packages omitted by an "everything"
- also, the common install classes should _not_ contain the
new package.
Comment 7 Bill Nottingham 2001-12-13 16:14:42 EST
Chip, can you please do this for your next build?
Comment 8 Chip Turner 2002-03-01 15:33:22 EST
Latest RAWHIDE perl will now split off a perl-suidperl package with one file,
