From @jquelin

Created by @jquelin

perl 5.12 doesn't ship perlsuid anymore. it's said so in perlsec, with a
small piece of a c code to use as a wrapper calling the real perl
script, the goal being to setuid the wrapper instead.

however, the wrapper could be better, such as sanitizing env, or
whatever any security-aware people will recommend.

==> in order to have a smooth transition, it would be good to provide a
more secure wrapper to be used easily.

Perl Info


Flags:
    category=docs
    severity=low

Site configuration information for perl 5.12.0:

Configured by Mandriva at Thu Apr  8 16:20:55 CEST 2010.

Summary of my perl5 (revision 5 version 12 subversion 0) configuration:
   
  Platform:
    osname=linux, osvers=2.6.33.1-desktop-1mnb, archname=x86_64-linux-thread-multi
    uname='linux localhost 2.6.33.1-desktop-1mnb #1 smp tue mar 16 18:22:58 utc 2010 x86_64 x86_64 x86_64 gnulinux '
    config_args='-des -Dinc_version_list=5.10.1 5.10.0 5.8.8 5.8.7 5.8.6 5.8.5 5.8.4 5.8.3 5.8.2 5.8.1 5.8.0 5.6.1 5.6.0 -Darchname=x86_64-linux -Dcc=x86_64-mandriva-linux-gnu-gcc -Doptimize=-O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -DDEBUGGING=-g -Dprefix=/usr -Dvendorprefix=/usr -Dsiteprefix=/usr -Dsitebin=/usr/local/bin -Dsiteman1dir=/usr/local/share/man/man1 -Dsiteman3dir=/usr/local/share/man/man3 -Dman3ext=3pm -Dcf_by=Mandriva -Dmyhostname=localhost -Dperladmin=root@localhost -Dcf_email=root@localhost -Ud_csh -Duseshrplib -Duseithreads -Di_db -Di_ndbm -Di_gdbm'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='x86_64-mandriva-linux-gnu-gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.4.3', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='x86_64-mandriva-linux-gnu-gcc', ldflags =' -fstack-protector -L/usr/local/lib64'
    libpth=/usr/local/lib64 /lib64 /usr/lib64
    libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc -lgdbm_compat
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    libc=/lib/libc-2.11.1.so, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.11.1'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/5.12.0/x86_64-linux-thread-multi/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -L/usr/local/lib64'

Locally applied patches:
    RC4
    Mandriva Linux patches


@INC for perl 5.12.0:
    /home/jquelin/rpm/cooker/perl/BUILD/perl-5.12.0-RC4/lib
    /usr/lib/perl5/site_perl/5.12.0/x86_64-linux-thread-multi
    /usr/lib/perl5/site_perl/5.12.0
    /usr/lib/perl5/vendor_perl/5.12.0/x86_64-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.12.0
    /usr/lib/perl5/5.12.0/x86_64-linux-thread-multi
    /usr/lib/perl5/5.12.0
    /usr/lib/perl5/site_perl/5.10.1
    /usr/lib/perl5/site_perl/5.10.0
    /usr/lib/perl5/site_perl
    /usr/lib/perl5/vendor_perl/5.10.1
    /usr/lib/perl5/vendor_perl/5.10.0
    /usr/lib/perl5/vendor_perl/5.8.8
    /usr/lib/perl5/vendor_perl
    .


Environment for perl 5.12.0:
    HOME=/home/jquelin
    LANG=fr_FR.UTF-8
    LANGUAGE=fr_FR.UTF-8:fr
    LC_ADDRESS=fr_FR.UTF-8
    LC_COLLATE=fr_FR.UTF-8
    LC_CTYPE=fr_FR.UTF-8
    LC_IDENTIFICATION=fr_FR.UTF-8
    LC_MEASUREMENT=fr_FR.UTF-8
    LC_MESSAGES=fr_FR.UTF-8
    LC_MONETARY=fr_FR.UTF-8
    LC_NAME=fr_FR.UTF-8
    LC_NUMERIC=fr_FR.UTF-8
    LC_PAPER=fr_FR.UTF-8
    LC_SOURCED=1
    LC_TELEPHONE=fr_FR.UTF-8
    LC_TIME=fr_FR.UTF-8
    LD_LIBRARY_PATH=.
    LOGDIR (unset)
    PATH=.:/home/jquelin/bin:/home/jquelin/bin:/home/jquelin/bin:/home/jquelin/bin:/usr/bin:/bin:/usr/local/bin:/usr/X11R6/bin/:/usr/games:/usr/lib/qt4/bin:/sbin:/usr/sbin:/usr/games:/sbin:/usr/sbin:/usr/games:/sbin:/usr/sbin:/usr/games:/sbin:/usr/sbin:/usr/games
    PERL5LIB=/home/jquelin/rpm/cooker/perl/BUILD/perl-5.12.0-RC4/lib
    PERL_BADLANG (unset)
    SHELL=/bin/bash

provide a better c wrapper example in perlsec #10289

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions