author | Nicholas Clark <nick@ccl4.org> | 2004-04-20 16:12:49 +0000 |
---|---|---|
committer | Nicholas Clark <nick@ccl4.org> | 2004-04-20 16:12:49 +0000 |
commit | 18b810caba1ff3a8890bc392e4295393205e4c8e (patch) | |
tree | 61de57faa129093040f775a7dde7af1c41a482ad | |
parent | cc5f7b51347dc0d99d849e19d8755fc160395010 (diff) | |
download | perl-18b810caba1ff3a8890bc392e4295393205e4c8e.tar.gz |
Simpler suggestion to resolve the #!/usr/bin/suidperl vs. the set uid
binary must have fd script conundrum, as suggested by Brendan O'Dea
Plus restore the more helpful error message from 22694 and the gist
of the perl584delta changes from 22700
p4raw-id: //depot/maint-5.8/perl@22720
-rwxr-xr-x | installperl | 2 |
-rw-r--r-- | perl.c | 5 |
-rw-r--r-- | pod/perl584delta.pod | 20 |
3 files changed, 17 insertions, 10 deletions
diff --git a/installperl b/installperl index 834a51e39e..a3e698bec3 100755 --- a/installperl +++ b/installperl @@ -457,7 +457,7 @@ if (! $versiononly && ! samepath($installbin, '.') && ($^O ne 'dos') && ! $Is_VM link("$installbin/$perl_verbase$ver$exe_ext", "$installbin/$perl$exe_ext"); } - link("$installbin/s$perl_verbase$ver$exe_ext", + link("$installbin/$perl_verbase$ver$exe_ext", "$installbin/suid$perl$exe_ext") if $d_dosuid; } @@ -3111,7 +3111,10 @@ S_open_script(pTHX_ char *scriptname, bool dosearch, SV *sv) } #ifdef IAMSUID else { - Perl_croak(aTHX_ "suidperl needs fd script\n"); + Perl_croak(aTHX_ "sperl needs fd script\n" + "You should not call sperl directly; do you need to " + "change a #! line\nfrom sperl to perl?\n"); + /* PSz 11 Nov 03 * Do not open (or do other fancy stuff) while setuid. * Perl does the open, and hands script to suidperl on a fd; diff --git a/pod/perl584delta.pod b/pod/perl584delta.pod index 697225204a..87ebeb8a10 100644 --- a/pod/perl584delta.pod +++ b/pod/perl584delta.pod @@ -25,9 +25,6 @@ such as newline and backspace are output in C<\x> notation, rather than octal. This might just confuse non-robust tools which parse the output of modules such as Devel::Peek. -You may no longer invoke suidperl directly; any script which uses -#!/usr/bin/suidperl should be changed to use #!/usr/bin/perl. - =head1 Core Enhancements =head2 Malloc wrapping 
@@ -49,11 +46,18 @@ been updated to 4.0.1 from 4.0.0. =head2 suidperl less insecure Paul Szabo has analysed and patched C<suidperl> to remove existing known -insecurities. Currently there are no known holes in C<suidperl>, but -previous experience shows that we cannot be confident that these were the -last. For new projects the core perl team would strongly recommend that you -use dedicated, single purpose security tools such as C<sudo> in preference -to C<suidperl>. +insecurities. Currently there are no known holes in C<suidperl>, but previous +experience shows that we cannot be confident that these were the last. You may +no longer invoke the set uid perl directly, so to preserve backwards +compatibility with scripts that invoke #!/usr/bin/suidperl the only set uid +binary is now C<sperl5.8.>I<n> (C<sperl5.8.4> for this release). C<suidperl> +is installed as a hard link to C<perl>; both C<suidperl> and C<perl> will +invoke C<sperl5.8.4> automatically the set uid binary, so this change should +be completely transparent. + +For new projects the core perl team would strongly recommend that you use +dedicated, single purpose security tools such as C<sudo> in preference to +C<suidperl>. =head2 format |
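Review bot: in the installperl hunk (@@ -457,7 +457,7 @@), the changed link() now points "$installbin/suid$perl$exe_ext" at the ordinary "$installbin/$perl_verbase$ver$exe_ext" with no comment saying why, so a later reader will see a name starting with "suid" linked to a non set uid binary and may take it for a typo and put the "s" back. A one-line comment above the call would prevent that, stating that suidperl is deliberately a hard link to perl and that the only set uid binary is the s-prefixed versioned one. The condition "if $d_dosuid" could also be mentioned there, since it now guards a compatibility name rather than the set uid binary itself.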
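Review bot: in the perl.c hunk (@@ -3111,7 +3111,10 @@ S_open_script), the new croak text talks only about "sperl", while the perl584delta hunk in this same patch names the binary sperl5.8.n and describes the legacy #! line as #!/usr/bin/suidperl. Someone who hits this message cannot tell from it whether a suidperl #! line is affected or only a direct sperl one. Consider saying in the message that both #!/usr/bin/perl and #!/usr/bin/suidperl are acceptable and that only the versioned sperl binary must not be invoked directly. The added empty line between the croak and the "PSz 11 Nov 03" comment is harmless but could be dropped.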
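Review bot: in the second perl584delta.pod hunk (@@ -49,11 +46,18 @@), the added sentence "both C<suidperl> and C<perl> will invoke C<sperl5.8.4> automatically the set uid binary" has lost some words and does not parse. Something like "will automatically invoke the set uid binary C<sperl5.8.4>" reads as intended. In the same paragraph, #!/usr/bin/suidperl is left bare while every other command name is wrapped in C<>, so it should be wrapped as well for consistent rendering.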