gt; this information or whether it should eventually go somewhere like the
> > release notes for wheezy.
>
> My initial feeling is that this is overkill. The perl package is installed
> on all Debian systems (well, 99.45% according to popcon), and I expect
> that only a very ti
On Thu, 23 Aug 2007 13:26:10 -0400, Joey Hess <[EMAIL PROTECTED]>
wrote:
>Of course the downside is that only
>people capable of writing secure C code need apply..
Yes. I am not one of these. Which is why I chose a script language.
I find the idea of removing an existing and working tool quite
di
Marc Haber wrote:
> What is the current recommended way to run perl scripts suid?
Ever since that warning was added to perl-suid, many years ago, I've
been writing my own suid wrappers for perl scripts in C.
> Why is perl-suid going away, and how am I supposed to replace its
> functionality?
Wel
Hi,
from the package description of perl-suid:
| Usage of this program is now strongly deprecated upstream and support
| (along with this package) will probably be removed in 5.10.
What is the current recommended way to run perl scripts suid?
Please note that I do not want to use sudo on the sys
According to Jules Bean:
> On Sun, 31 Jan 1999, Chip Salzenberg wrote:
> > Consider that I may wish to mount a filesystem nosuid for the purpose
> > of making a tape backup. Would I want the suid bits turned off in the
> > backup image? I think not.
>
> Why not just mount it somewhere only you c
On Sun, 31 Jan 1999, Chip Salzenberg wrote:
> According to Jules Bean:
> > On Sun, 31 Jan 1999, Chip Salzenberg wrote:
> > > Every OS has a different set of mount options that may or may not be
> > > relevant to setuid security. I don't see what 'higher level' would be
> > > useful.
> >
> > The
On Sun, 31 Jan 1999, Chip Salzenberg wrote:
> > As it is, noexec is almost useless. I can't help thinking that
> > *all* interpreters *should* check noexec status.
>
> What's the point? Such files can be copied to /tmp and run there
If one were trying to secure such a system then you would
According to Jules Bean:
> On Sun, 31 Jan 1999, Chip Salzenberg wrote:
> > Every OS has a different set of mount options that may or may not be
> > relevant to setuid security. I don't see what 'higher level' would be
> > useful.
>
> The correct solution to this, surely, is for the mount nosuid t
According to Jules Bean:
> On Sun, 31 Jan 1999, Chip Salzenberg wrote:
> > The code exists to check the mount options relevant to an open file.
> > It's just a Small Matter of Programming to integrate that into the
> > Perl source code, and disable emultation of setuid scripts when the
> > 'nosuid'
On Sun, 31 Jan 1999, Chip Salzenberg wrote:
>
> The code exists to check the mount options relevant to an open file.
> It's just a Small Matter of Programming to integrate that into the
> Perl source code, and disable emultation of setuid scripts when the
> 'nosuid' mount option is set.
But, then
According to Michael Stone:
> Quoting Chip Salzenberg ([EMAIL PROTECTED]):
> > According to Michael Stone:
> > > Quoting Wichert Akkerman ([EMAIL PROTECTED]):
> > > > What perl-suid should do is check the mountoptions for the filesystem on
> > > > which the script resides and abort if that was moun
On Sun, 31 Jan 1999, Chip Salzenberg wrote:
> According to Michael Stone:
> > Quoting Wichert Akkerman ([EMAIL PROTECTED]):
> > > What perl-suid should do is check the mountoptions for the filesystem on
> > > which the script resides and abort if that was mounted with nosuid.
> > > Should be quite
Quoting Chip Salzenberg ([EMAIL PROTECTED]):
> According to Michael Stone:
> > Quoting Wichert Akkerman ([EMAIL PROTECTED]):
> > > What perl-suid should do is check the mountoptions for the filesystem on
> > > which the script resides and abort if that was mounted with nosuid.
> > > Should be quite
According to Michael Stone:
> Quoting Wichert Akkerman ([EMAIL PROTECTED]):
> > What perl-suid should do is check the mountoptions for the filesystem on
> > which the script resides and abort if that was mounted with nosuid.
> > Should be quite simple actually..
>
> But that's still not general en
14 matches
Mail list logo
