[Adduser-devel] Bug#214546: adduser complains about insecure PATH setting when running setuid
Christoph Berg
myon at debian.org
Thu Jun 28 21:00:25 UTC 2007
found 214546 3.103
thanks
Re: Joerg Hoh 2007-06-24 <200706241150.14134.joerg at joerghoh.de>
> Since the rewrite some time ago (and the introduction of "use strict") the
> usage of the perl security features in adduser has been improved. Is this
> problem still valid?
Just tried it, still doesn't work:
$ tail -1 /etc/super.tab
adduser /usr/sbin/adduser cb env=PATH
$ super adduser foo
Adding user `foo' ...
Adding new group `foo' (1012) ...
Insecure $ENV{PATH} while running setuid at
/usr/share/perl5/Debian/AdduserCommon.pm line 161.
[exit 2]
Christoph
--
cb at df7cb.de | http://www.df7cb.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20070628/3535ab4e/attachment.pgp
More information about the Adduser-devel
mailing list