author | Nicholas Clark <nick@ccl4.org> | 2009-01-23 22:01:26 +0000 |
---|---|---|
committer | Nicholas Clark <nick@ccl4.org> | 2009-01-23 22:42:21 +0000 |
commit | cc69b689ee7c274593c3c386a61a06ecb909431c (patch) | |
tree | 33b8c1eb3e3a4535244ff2489dc2bb37e865915e /pod/perlsec.pod | |
parent | 42f7d22ff05ce2eb366c8ebf6b7142495d0f9e1f (diff) | |
download | perl-cc69b689ee7c274593c3c386a61a06ecb909431c.tar.gz |
suidperl goes.
Diffstat (limited to 'pod/perlsec.pod')
-rw-r--r-- | pod/perlsec.pod | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/pod/perlsec.pod b/pod/perlsec.pod index 59980d6a86..05d95887d5 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -352,11 +352,7 @@ changed, especially if you have symbolic links on your system. Fortunately, sometimes this kernel "feature" can be disabled. Unfortunately, there are two ways to disable it. The system can simply outlaw scripts with any set-id bit set, which doesn't help much. -Alternately, it can simply ignore the set-id bits on scripts. If the -latter is true, Perl can emulate the setuid and setgid mechanism when it -notices the otherwise useless setuid/gid bits on Perl scripts. It does -this via a special executable called F<suidperl> that is automatically -invoked for you if it's needed. +Alternately, it can simply ignore the set-id bits on scripts. However, if the kernel set-id script feature isn't disabled, Perl will complain loudly that your set-id script is insecure. You'll need to @@ -387,9 +383,6 @@ program that builds Perl tries to figure this out for itself, so you should never have to specify this yourself. Most modern releases of SysVr4 and BSD 4.4 use this approach to avoid the kernel race condition. -Prior to release 5.6.1 of Perl, bugs in the code of F<suidperl> could -introduce a security hole. - =head2 Protecting Your Programs There are a number of ways to hide the source to your Perl programs, |
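Review bot: In the first hunk (@@ -352,11 +352,7), the retained sentence "Alternately, it can simply ignore the set-id bits on scripts." now ends the paragraph without saying what that outcome means for the reader. The surrounding text still frames the two options with "Unfortunately" and "which doesn't help much", which read as a lead-up to the suidperl emulation deleted here. Suggest adding a clause stating that in this case the set-id bits on a Perl script have no effect and Perl no longer emulates them, so the second option does not look like a working path to a privileged script.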
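Review bot: In the second hunk (@@ -387,9 +383,6), deleting "Prior to release 5.6.1 of Perl, bugs in the code of F<suidperl> could introduce a security hole." takes out the last mention of suidperl visible in this diff, and nothing is added to tell readers the emulation is gone. Someone who relied on it and consults this section after upgrading gets no explanation for the change in behaviour. Suggest replacing the sentence with a one-line note that suidperl has been removed instead of dropping it outright. The diffstat shown is limited to pod/perlsec.pod, so it is also worth confirming the removal is recorded in the release notes.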