[Eug-lug] Linux- Mac OS X file exchange: This sounds right
Allen Brown
abrown at peak.org
Tue Aug 1 22:16:11 PDT 2006
T. Joseph Carter wrote:
> On Tue, Aug 01, 2006 at 11:18:53AM -0700, Allen Brown wrote:
>
>>>suidperl is a thing that lets you run perl scripts setuid. Normally you
>>>can't do that anymore than you can run a shell script that way. suidperl
>>>is a workaround to make that possible. It's an evil thing, you don't want
>>>it, ever. In fact, I suggest if you're concerned, edit your dpkg status
>>>file and create a fake entry claiming to be suidperl with a version like
>>>7:0.0.0 and no files associated with it or anything.
>>
>>This doesn't feel right. Are you sure this is secure and won't
>>break something else?
>>
>>Looking at the dpkg(8) man page I see mention of "hold"
>> A package marked to be on hold is not handled by dpkg, unless
>> forced to do that with option --force-hold.
>
>
> hold doesn't affect uninstalled packages. However, it seems that the
> suidperl problem is resolved for you if Ubuntu's solution to the problem
> comes from Debian. A non-setuid suidperl effectively does nothing.

The package for it is perl-suid. It doesn't seem to be
installed by default because it isn't on my machine,
at least with Sarge. But Ubuntu may not be very close to
Sarge.

I appended to /var/lib/dpkg/status

    Package: perl-suid
    Status: install ok installed
    Version: 7:0.0.0
    Description: perl-suid is a security hole. This is a dummy. Do not
     EVER install the real thing.

I have no entries for Priority or Section. After adding
that I ran apt-get and didn't notice any problems.

--
Allen Brown abrown at peak.org http://www.peak.org/~abrown/
o o o o o <o <o> o> o
.|. \|. \|/ // X \ | <| <|>
/\ >\ /< >\ /< >\ /< >\ /<
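
An added example, not part of the original message and not dpkg's own code: a small Python audit that finds hand-made placeholder entries like the one above, so a later administrator can tell a dummy from a real install. The function names and the perl-base stanza are constructed for illustration; it assumes file lists live in /var/lib/dpkg/info/<name>.list.

```python
import os
import re

# Constructed sample: one ordinary entry (values invented for illustration)
# followed by the placeholder stanza from the message above.
SAMPLE_STATUS = """\
Package: perl-base
Status: install ok installed
Priority: required
Section: perl
Version: 0.0.0-constructed
Description: constructed sample entry

Package: perl-suid
Status: install ok installed
Version: 7:0.0.0
Description: perl-suid is a security hole. This is a dummy. Do not
 EVER install the real thing.
"""

def parse_status(text):
    """Split status text into stanzas, each a dict of field -> value."""
    stanzas = []
    for block in re.split(r"\n[ \t]*\n", text):
        fields, last = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and last:
                fields[last] += "\n" + line.strip()   # continuation line
            elif ":" in line and not line[:1].isspace():
                last, value = line.split(":", 1)
                fields[last] = value.strip()
            elif line.strip():
                raise ValueError("not a field or continuation: %r" % line)
        if fields:
            stanzas.append(fields)
    return stanzas

def packages_with_file_lists(info_dir="/var/lib/dpkg/info"):
    """Package names that have a <name>.list (or <name>:<arch>.list) file."""
    return {f[:-5].split(":")[0] for f in os.listdir(info_dir) if f.endswith(".list")}

def find_placeholders(text, have_lists):
    """Entries marked installed that own no files and lack Priority/Section."""
    hits = []
    for s in parse_status(text):
        installed = s.get("Status", "").split()[-1:] == ["installed"]
        bare = "Priority" not in s and "Section" not in s
        if installed and bare and s.get("Package") not in have_lists:
            hits.append(s.get("Package"))
    return hits

if __name__ == "__main__":
    print(find_placeholders(SAMPLE_STATUS, {"perl-base"}))
```

On a live system, pass the contents of /var/lib/dpkg/status and the result of packages_with_file_lists(); a Description continuation line that does not start with a space makes parse_status raise instead of silently misreading the stanza.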