Fri Dec 10 13:44:41 2010: Request 63801 was acted upon.
Transaction: Ticket created by arost
Queue: PAR-Packer
Subject: setuid pp'ed scripts: 1st invocation fails, 2nd+ call ok
Broken in: 1.008
Severity: Important
Owner: Nobody
Requestors: [email protected]
Status: new
Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=63801 >
Dear maintainers,
setuid pp'ed binaries fail upon first invocation. Here's how to
reproduce:
/tmp$ cat > suidtest.pl
#!/usr/bin/perl
print "hello, world, this is $< running as $>!\n";
/tmp$ pp -o suidtest suidtest.pl
/tmp$ sudo chown root:root suidtest
/tmp$ sudo chmod 6755 suidtest
/tmp$ sudo mv suidtest /
/tmp$ ls -l /suidtest
-rwsr-sr-x 1 root root 3792430 Dec 10 19:23 /suidtest
/tmp$ /suidtest
Insecure dependency in utime while running setuid at /home/userid/.lib/perl-5.12.2/lib/site_perl/5.12.2/Archive/Zip/DirectoryMember.pm line 63.
eagle323:/tmp$ /suidtest
hello, world, this is 32288 running as 0!
Depending on what other files are included in the pp'ed archive, the
failure appears in different locations.
Could you please have a look at this?