> Suidperl should be owned by root and suid, perl should not. The point > of the separate suid binary is that it does some additional checking > and works around the usual race conditions when kernels do the > suid handling for scripts.
OK, that clarifies things, thanks a lot, Les. Then I should be doing the opposite of what I was doing: # chmod u+s /usr/bin/suidperl And running the script with that... I wonder why SuSE doesn´t set the suid bit on suidperl... OK, so I just did the search I should have done a long time ago (I probably got too frustrated to go to the bottom of the problem at that point and stopped investigating when I got things to work): http://www.novell.com/linux/security/advisories/2004_43_cyrus_imapd.html says in point 5: - suidperl SUSE LINUX 9.2 follows the new upstream policy to install /usr/bin/suidperl as hardlink to /usr/bin/perl. In previous perl versions it used to be a hardlink to /usr/bin/sperl*. Therefore one must not set a setuid bit on /usr/bin/suidperl as suggested in the RPM package description of perl. Set the bit on /usr/bin/sperl5.8.5 instead if you really need the suid feature. Also check your /etc/permissions.local file for references of /usr/bin/suidperl if you where upgrading from previous SUSE LINUX releases. SUSE Linux is not affected by this problem in the default installation, only if the administrator added the s-bit to suidperl. And it seems that SuSE 9.3, and 10.0 (and Debian too, I read) do the same thing. Basically, /usr/bin/perl, /usr/bin/perl5.8.X, and /usr/bin/suidperl are all hardlinks to the same thing, and /usr/bin/sperl5.8.X is a different executable, the one whose suid bit should be changed if necessary, instead of /usr/bin/suidperl. Bernardo Rechea ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_idv28&alloc_id845&op=click _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/