Re: CERT Advisory CA-96.12 - Vulnerability in suidperl

Alan Cox (alan@cymru.net)
Thu, 27 Jun 1996 09:19:59 +0100 (BST)


> Topic: Vulnerability in suidperl
>
> Linux
> =====
> Linux 1.2 and 2.0 support saved set-user-id.
>
> Most distributions of Linux provide suidperl and sperl.
>
> The fixsperl script works on linux, and it is recommended that this
> fix be applied until a new Perl release is made.
>
> Note that to the best of my knowledge and understanding, Linux is *not*
> vulnerable due to how we handle the setreuid() system call ---
> setreuid() sets the saved set-user-id under certain circumstances,
> including those which perl uses. So people don't need to panic; I don't
> believe we need to disable suidperl under Linux.

Yes you do, Ted. The exploit is trivial and works. The saved set-user-id is
not cleared by suidperl as it doesn't exec. I checked the exploit well before
I provided CERT the info.

Bottom Line: DO APPLY LARRY WALL'S FIXPERL

Alan
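
The condition argued over in this thread, a saved set-user-id still holding the old privilege after a program changes its IDs without exec'ing, can be checked from inside a process. The following is an added example, not part of the original message or of Perl's code: it assumes a current Linux/glibc with getresuid() and setresuid(), and the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 when real, effective and saved UID all equal `want`,
 * 0 when any of them differs, -1 if the IDs cannot be read. */
int uids_all_equal(uid_t want)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return -1;
    return r == want && e == want && s == want;
}

/* Drop to `target` so that no UID, including the saved one, keeps the
 * old privilege. UID only: a real setuid program must also drop its
 * groups first. Returns 0 on success, -1 if the drop is incomplete. */
int drop_uid_permanently(uid_t target)
{
    uid_t old_euid = geteuid();

    if (setresuid(target, target, target) != 0)
        return -1;
    if (uids_all_equal(target) != 1)
        return -1;
    /* If the old effective UID can be restored, the drop was not permanent. */
    if (old_euid != target && seteuid(old_euid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0) { perror("getresuid"); return 1; }
    printf("before: ruid=%d euid=%d suid=%d\n", (int)r, (int)e, (int)s);
    if (drop_uid_permanently(getuid()) != 0) {
        fprintf(stderr, "privilege drop incomplete\n");
        return 1;
    }
    printf("after: all IDs == %d\n", (int)getuid());
    return 0;
}
```

Run from a set-user-id binary, the "before" line shows the saved UID that a setreuid()-style swap can leave behind; the function fails closed if any of the three IDs is not the target afterwards.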