Bug#521584: perl-suid: -U no longer behaves as expected to allow insecure operations
Niko Tyni
ntyni at debian.org
Sun Mar 29 18:50:00 UTC 2009
On Sat, Mar 28, 2009 at 01:00:18PM -0400, Adam Rosi-Kessel wrote:
> Package: perl-suid
> Version: 5.10.0-19
> Severity: normal
> After upgrading perl/perl-suid, none of my setuid CGI scripts work.
>
> Insecure dependency in require while running setuid at /usr/share/perl/5.10/AutoLoader.pm line 27.
> Insecure dependency in require while running setuid at ../../lib/Storable.pm (autosplit into ../../lib/auto/Storable/CAN_FLOCK.al) line 89.

Are you sure these really are fatal errors with -U? See below.

> The scripts all start with
>
> #!/usr/bin/perl -U
>
> which caused this error to be ignored with perl5.8/apache1.3. But after
> the upgrade, perl -U doesn't seem to fix the problem, so none of the
> scripts work.

It's not totally broken:

% ls -l with*
-rwsr-xr-x 1 root root 48 2009-03-29 21:40 without-U.pl
-rwsr-xr-x 1 root root 50 2009-03-29 21:41 with-U.pl
% cat without-U.pl
#!/usr/bin/perl
require shift;
die("success");
% ./without-U.pl warnings.pm
Insecure dependency in require while running setuid at ./without-U.pl line 2.
% cat with-U.pl
#!/usr/bin/perl -U
require shift;
die("success");
% ./with-U.pl warnings.pm
Insecure dependency in require while running setuid at ./with-U.pl line 2.
Insecure dependency in require while running setuid at ./with-U.pl line 2.
Insecure dependency in require while running setuid at ./with-U.pl line 2.
Insecure dependency in require while running setuid at ./with-U.pl line 2.
Insecure dependency in require while running setuid at ./with-U.pl line 2.
Insecure dependency in require while running setuid at ./with-U.pl line 2.
Insecure dependency in require while running setuid at ./with-U.pl line 2.
Insecure dependency in require while running setuid at ./with-U.pl line 2.
success at ./with-U.pl line 3.

Please provide a test script that shows the problem.

--
Niko Tyni ntyni at debian.org
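
The `require shift;` test case above trips the taint check because the module name comes straight from the command line. As an added example (not part of the original message and not code from either poster), here is one way to pass that check without -U: validate the name against an allowlist and untaint it through a regex capture. The allowlist contents and the helper name `untaint_module` are assumptions made for illustration, and `-T` is used to get the same taint checks without needing a setuid binary.

```perl
#!/usr/bin/perl -T
# Added example. -T enables the taint checks that a setuid script
# gets automatically, so this can be tried without setuid root.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical allowlist: the only modules this script may load at run time.
my %ALLOWED = map { $_ => 1 } qw(warnings.pm strict.pm Storable.pm);

# Return an untainted copy of $name if it is a plain, allowlisted
# module file name; return nothing otherwise.
sub untaint_module {
    my ($name) = @_;
    return unless defined $name;
    # A successful regex capture is Perl's untainting mechanism.
    # The pattern rejects path separators, "..", and anything but Foo.pm.
    my ($clean) = $name =~ /\A([A-Za-z_][A-Za-z0-9_]*\.pm)\z/
        or return;
    return $ALLOWED{$clean} ? $clean : ();
}

my $arg = shift @ARGV;
die "usage: $0 Module.pm\n" unless defined $arg;

# Command-line arguments are tainted; "require $arg" here would die
# with "Insecure dependency in require".
print "argument tainted: ", (tainted($arg) ? "yes" : "no"), "\n";

my $module = untaint_module($arg);
die "refusing to load module: name not on allowlist\n"
    unless defined $module;

print "validated name tainted: ", (tainted($module) ? "yes" : "no"), "\n";

# Passes the taint check because $module came from a capture group.
require $module;
print "loaded $module without -U\n";
```

Run it as `perl -T script.pl warnings.pm`; a name outside the allowlist, or one containing a path, is refused before `require` is reached.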