Bug#628042: perl: file creation in suid Perl script no longer works
Vincent Lefevre
vincent at vinc17.net
Fri May 27 11:01:23 UTC 2011
retitle 628042 no longer suid Perl script support
thanks
This can be seen with:
#!/usr/bin/perl -T
print "$< $>\n";
On 2011-05-27 11:33:57 +0100, Dominic Hargreaves wrote:
> Upstream removed suidperl support in 5.12. I think we should indeed
> have announced this better (although you will have seen the perl-suid
> package being removed).
First I didn't see it because I upgraded many packages. Moreover
this could have meant that suidperl were moved in the perl package.
> We don't seem to have a NEWS.Debian file in the perl package; I
> wonder if this would be a suitable place to put this information or
> whether it should eventually go somewhere like the release notes for
> wheezy.
Yes, this would be a suitable place, in particular because
apt-listchanges would have displayed the change *before* the
upgrade, and the admin/user can cancel the upgrade. This lets
the admin/user do whatever workaround is needed before the
upgrade.
I've done some search. In the announce, the reference to the
thread can be given:
http://www.nntp.perl.org/group/perl.perl5.porters/2008/12/msg142839.html
and it would be nice to point to some howto. The thread describes
2 solutions: sudo (but this is not always possible and taint mode
isn't necessarily enabled automatically) and a C wrapper (using
execv(), I assume).
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon)
More information about the Perl-maintainers
mailing list