summaryrefslogtreecommitdiff
path: root/pod/perlsec.pod
diff options
context:
space:
mode:
authorNicholas Clark <nick@ccl4.org>2009-01-23 22:01:26 +0000
committerNicholas Clark <nick@ccl4.org>2009-01-23 22:42:21 +0000
commitcc69b689ee7c274593c3c386a61a06ecb909431c (patch)
tree33b8c1eb3e3a4535244ff2489dc2bb37e865915e /pod/perlsec.pod
parent42f7d22ff05ce2eb366c8ebf6b7142495d0f9e1f (diff)
downloadperl-cc69b689ee7c274593c3c386a61a06ecb909431c.tar.gz
suidperl goes.
Diffstat (limited to 'pod/perlsec.pod')
-rw-r--r--pod/perlsec.pod9
1 files changed, 1 insertions, 8 deletions
diff --git a/pod/perlsec.pod b/pod/perlsec.pod
index 59980d6a86..05d95887d5 100644
--- a/pod/perlsec.pod
+++ b/pod/perlsec.pod
@@ -352,11 +352,7 @@ changed, especially if you have symbolic links on your system.
Fortunately, sometimes this kernel "feature" can be disabled.
Unfortunately, there are two ways to disable it. The system can simply
outlaw scripts with any set-id bit set, which doesn't help much.
-Alternately, it can simply ignore the set-id bits on scripts. If the
-latter is true, Perl can emulate the setuid and setgid mechanism when it
-notices the otherwise useless setuid/gid bits on Perl scripts. It does
-this via a special executable called F<suidperl> that is automatically
-invoked for you if it's needed.
+Alternately, it can simply ignore the set-id bits on scripts.
However, if the kernel set-id script feature isn't disabled, Perl will
complain loudly that your set-id script is insecure. You'll need to
@@ -387,9 +383,6 @@ program that builds Perl tries to figure this out for itself, so you
should never have to specify this yourself. Most modern releases of
SysVr4 and BSD 4.4 use this approach to avoid the kernel race condition.
-Prior to release 5.6.1 of Perl, bugs in the code of F<suidperl> could
-introduce a security hole.
-
=head2 Protecting Your Programs
There are a number of ways to hide the source to your Perl programs,