Subject: Re: SetUID scripts
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
From: Aron T. Roberts <aroberts@wolfenet.com>
List: netbsd-help
Date: 07/03/1996 13:33:06
On Wed, 3 Jul 1996, Ken Hornstein wrote:
> Perl gets around this hole by having "suidperl" stat the file that gets opened
> and making sure that there are actually setuid bits on that file and that it
> is owned by root.
though a major security hole has been found in suidperl in release 3, 4
and 5.... I believe perl 5.003 addresses the problem...
It amounts to being able to gain a root shell with an approximately 4 line
perl script.
I havn't had a chance to test it on my NetBSD box.. but the exploit script
worked on FreeBSD, BSDI, Linux, IRIX,... among others
aron roberts
aroberts@wolfenet.com