+++ This bug was initially created as a clone of Bug #114923 +++

CAN-2003-0618 was reported 2003Jul29 to Debian.

You can test for the existence of files even if you don't have permission to do so by using the suidperl command.

$ su
# mkdir ~root/delme; chmod 700 ~root/delme;touch ~root/delme/1
# exit
$ suidperl ~root/delme/1
Script is not setuid/setgid in suidperl
$ suidperl ~root/delme/2
Can't open perl script "/root/delme/2": No such file ...

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=220486
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203426

Affects: 2.1AS 2.1ES 2.1AW 2.1WS (5.6.1)
Affects: 3AS 3ES 3WS (5.8.0)

Debian released an errata for this issue in Feb 2004.

-- Additional comment from mjc on 2004-02-09 10:40 EST --
Actually this doesn't affect RHEL3 because the setuid perl package was not shipped.

-- Additional comment from bressers on 2005-05-04 18:04 EST --
I did some verification work on this one. This issue does affect RHEL3. We may not have shipped perl-suidperl in the past, we do now.

-- Additional comment from jvdias on 2006-04-21 21:24 EST --
fixed with perl-5.6.1-38.EL2_1

Sorry this bug languished in the RHEL-2.1 queue for so long - it DOES affect RHEL-3 also, and is now fixed with perl-5.8.0-93.EL3.

With up to and including perl-5.8.0-92.EL3, you could do:

( as root ):
# mkdir secret
# chmod 0700 secret
# touch secret/1.pl
# su nobody
( as nobody ):
$ suidperl /tmp/secret/1.pl
Script is not setuid/setgid in suidperl
$ suidperl /tmp/secret/2
Can't open perl script: Operation not permitted

Now, for both "nobody" commands above, perl-5.8.0-93.EL3 will say only "Permission denied".

assigning to rnorwood
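
Added example, not part of the original bug report or of the perl fix: a regression check that runs a command against an existing and a missing path and reports whether the two responses can be told apart, which is the condition the comments above describe. The function names and both stub commands are hypothetical; the stubs are constructed stand-ins that reuse the messages quoted in this bug.

```shell
#!/bin/sh
# Added example: regression check for a file-existence oracle.
# Both stubs are constructed stand-ins; on a test host, pass the real
# setuid binary as CMD and run the check as an unprivileged user.

leaky_stub() {   # pre-fix behaviour: message depends on whether file exists
    if [ -e "$1" ]; then
        echo "Script is not setuid/setgid in suidperl" >&2
    else
        echo "Can't open perl script: Operation not permitted" >&2
    fi
    return 1
}

fixed_stub() {   # post-fix behaviour: one message for both cases
    echo "Permission denied" >&2
    return 1
}

# observe CMD PATH: print "<exit status>:<output>" with PATH masked, so a
# message that merely echoes its argument does not count as a difference.
observe() {
    status=0
    out=$("$1" "$2" 2>&1) || status=$?
    printf '%s:%s\n' "$status" "$out" | P="$2" awk '{
        p = ENVIRON["P"]; s = ""
        while (p != "" && (i = index($0, p)) > 0) {
            s = s substr($0, 1, i - 1) "<path>"
            $0 = substr($0, i + length(p))
        }
        print s $0
    }'
}

# leaks_existence CMD EXISTING MISSING: exit 0 if the caller can tell the
# two paths apart from CMD's output or exit status, 1 otherwise.
leaks_existence() {
    [ "$(observe "$1" "$2")" != "$(observe "$1" "$3")" ]
}

# Constructed sample input: one existing file, one missing name.
dir=$(mktemp -d) && : > "$dir/1.pl"
trap 'rm -rf "$dir"' EXIT
for cmd in leaky_stub fixed_stub; do
    if leaks_existence "$cmd" "$dir/1.pl" "$dir/2"; then
        echo "$cmd: existence oracle"
    else
        echo "$cmd: uniform response"
    fi
done
```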