Re: When to use SUID Perl (5.8.x)?

[Olivier Nicole]

Hi, 

> Just wondering what do you need suid perl for?

To run a Perl script that needs to get root privileges.

> it is a security risk having it?

It is always a risk to have a powerfull tool installed when you don't
need it. If a security bug is discovered in Perl, one could be able to
become root without you wanting it.

> Is the risk that if the webserver/webserver-app gets comprimised the 
> user could use perl?

It depends on whatyou are running on your server.

If you don't need setuid perl, do not install it :))

Olivier
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

When to use SUID Perl (5.8.x)?

[B. Cook]

Hello,

Just wondering what do you need suid perl for?

I run a webserver for staff users, and have had no real need for it, and 
considering removing it.


I think it goes to back the days when SA (possibly?) needed it and I 
just cp'd the make.conf across boxes over the years.. :)


it is a security risk having it?

Is the risk that if the webserver/webserver-app gets comprimised the 
user could use perl?


Thanks in advance.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"