Red Hat Bugzilla – Bug 611009
BackupPC uses perl-suidperl
Last modified: 2010-08-04 12:41:51 EDT
Description of problem:
The release of perl in rawhide does not support perl-suidperl.
BackupPC is the last remaining package which requires perl-suidperl.
It therefore shows up as package with broken deps in rawhide package deps reports, e.g.
i.e. this package is not installable under rawhide
Version-Release number of selected component (if applicable):
This package will have to be removed from
Fedora >=14, should this issue not be resolved.
One simple option would be to create a C wrapper for BackupPC_Admin script and make that setuid instead of the script itself.
See http://perldoc.perl.org/perlsec.html#Security-Bugs for more details.
I've mailed upstream about that issue:
There's also a debian bug about the same issue, but little progress.
Using a C wrapper is really quite simple. Move the existing BackupPC_Admin script to BackupPC_Admin.pl, compile the wrapper and install as /usr/share/BackupPC/sbin/BackupPC_Admin with permissions 4755.
#define REAL_PATH "/usr/share/BackupPC/sbin/BackupPC_Admin.pl"
int main(ac, av)
Thank for the tip Iain :)
I will probably use that to fix the current issue (I really do not want to see BackupPC disappear from repositories).
I won't have tiome for that until next week (I'm very overbooked this week), I hope having some advices from upstream until that.
Someone on BackupPC users mailing list tell me I can use apache suid mechanism (http://sourceforge.net/mailarchive/forum.php?thread_name=4C2F62D4.3010702%40gmail.com&forum_name=backuppc-users).
What do you think about this solution?
Unfortunately, I don't think you'll be able to use apache's suexec mechanism. It's configured at compile time to only execute programs that live under /var/www (and packaging guidelines forbids packages from installing anything under /var/www), and to only execute programs as a user with uid >= 500 and gid >= 100.
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle.
Changing version to '14'.
More information and reason for this action is here:
BackupPC-3.1.0-15.fc14 has been submitted as an update for Fedora 14.
BackupPC-3.1.0-15.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update BackupPC'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/BackupPC-3.1.0-15.fc14
BackupPC-3.1.0-15.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.