Is suidperl safe on solaris 2.6?

2007-12-25 11:38:00

Hi,

This summary is being submitted very late. Sorry for the delay.

The following friends replied; thank you very much for your support.

David Foster <foster@dim.ucsd.edu>

Arthur Darren Dunham <add@netcom.com>

Casper Dik <Casper.Dik@holland.sun.com>

Daniel Muino <dmuino@afip.gov.ar>

"Rodney Wines" <Rodney.Wines@ahqps.alcatel.fr>

The answer is:

Just make your script setuid and you're done. suidperl is required on some operating systems in order to execute set-uid perl scripts. suidperl used to be a separate application. On "safe" operating systems (Solaris is considered safe), you don't need a separate application.

In Solaris all you need to do is make the script set-uid. setuid scripts are safe on Solaris, so there's no need to use suidperl. suidperl has been created for use where the OS lacked proper support for setuid scripts, e.g. Linux.

Original Post:

Hi,

I am about to use webmail on my servers. The webmail perl script needs suidperl. I have read FAQs about suidperl and have found that in the past it had possessed many flaws which have been exploited to gain unauthorised root access on the system.

My question is that "is it safe to use suidperl these days?"

Moreover, is there any secure version of suidperl available or should I have to rely on perl5.004.04's suidperl module. I mean just like wu-ftp which is far more restricted than Solaris's built-in ftp service.

Thank you

John Black
