Bug#521584: perl-suid: -U no longer behaves as expected to allow insecure operations
Adam Rosi-Kessel
adam at bostoncoop.net
Sat Mar 28 17:00:18 UTC 2009
Package: perl-suid
Version: 5.10.0-19
Severity: normal
After upgrading perl/perl-suid, none of my setuid CGI scripts work.
Insecure dependency in require while running setuid at /usr/share/perl/5.10/AutoLoader.pm line 27.
Insecure dependency in require while running setuid at ../../lib/Storable.pm (autosplit into ../../lib/auto/Storable/CAN_FLOCK.al) line 89.
The scripts all start with
#!/usr/bin/perl -U
which caused this error to be ignored with perl5.8/apache1.3. But after
the upgrade, perl -U doesn't seem to fix the problem, so none of the
scripts work.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.27.2-xenU (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages perl-suid depends on:
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libperl5.10 5.10.0-19 Shared Perl library
ii perl 5.10.0-19 Larry Wall's Practical Extraction
perl-suid recommends no packages.
perl-suid suggests no packages.
-- no debconf information
More information about the Perl-maintainers
mailing list