os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/advisories/FreeBSD-SA-96:12.perl.asc
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their 
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

144 lines
5 KiB
Text
Raw Blame History

-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-96:12 Security Advisory
FreeBSD, Inc.
Topic: security compromise from perl (suidperl) utility
Category: core and ports
Module: perl
Announced: 1996-06-28
Affects: FreeBSD 2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current
Corrected: 2.1-stable and 2.2-current as of 1996-06-03
FreeBSD only: no
Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:12/
=============================================================================
I. Background
FreeBSD ships perl version 4 as part of the base level system,
in addition, a port for perl version 5 is also provided with
a similar vulnerability. The vulnerability is specific to the
suidperl flavors of perl installed on the system.
This problem is present in all source code and binary
distributions of FreeBSD version 2.0.5 and later released
before 1996-05-21. This problem is not present in FreeBSD
2.0 and earlier versions of FreeBSD.
II. Problem Description
The authors of perl provide a "suidperl" program for proper
processing of setuid perl scripts on systems where race
conditions where setuid scripts could be exploited to gain
unauthorized access. FreeBSD installs this suidperl program
(and a link) as part of the standard installation. However,
privilege processing done by this program does not take into
account recent functionality extensions in the seteuid/setegid
system calls.
III. Impact
This vulnerability can only be exploited by users with a valid
account on the local system to easily obtain superuser access.
This vulnerability is present on all systems with the
_POSIX_SAVED_IDS functionality extension where suidperl
has been installed.
IV. Workaround
One may simply disable the setuid bit on all copies of the setuid
version of perl. This will close the vulnerability but render
inoperable setuid perl scripts. No software currently shipping
as part of FreeBSD relies on this functionality so the impact is
only to third party software.
As root, execute the commands:
# chmod 111 /usr/bin/suidperl
# chmod 111 /usr/bin/sperl4.036
In addition, if you have installed the perl5 port:
# chmod 111 /usr/local/bin/suidperl
# chmod 111 /usr/local/bin/sperl5.001
then verify that the setuid permissions of the files have been
removed. The permissions array should read "-r-xr-xr-x" as
shown here:
# ls -l /usr/bin/s*perl*
---x--x--x 2 root bin 307200 Jun 1 17:16 /usr/bin/sperl4.036
---x--x--x 2 root bin 307200 Jun 1 17:16 /usr/bin/suidperl
and for the perl5 port:
# ls -l /usr/local/bin/s*perl*
---x--x--x 2 root bin 397312 Jan 22 15:15 /usr/local/bin/sperl5.001
---x--x--x 2 root bin 397312 Jan 22 15:15 /usr/local/bin/suidperl
V. Solution
*NOTE* A patch for perl is available directly from Larry Wall
(the author of perl) which solves this vulnerability in a
different fashion than the FreeBSD patches. You may apply
either the FreeBSD patches, or Larry's patches, or both.
The patches solve the problem via two different mechanisms.
Patches are available which eliminate this vulnerability.
The following patch should be applied to the system sources and
suidperl should be rebuilt and reinstalled.
Apply the patch, then:
# cd /usr/src/gnu/usr.bin/perl/sperl
# make depend
# make all
# make install
A similar patch is also available for the perl5 port.
Apply the following patch by moving it into the patch
directory for the port distribution and rebuilding and
installing perl5:
# cd /usr/ports/lang/perl5
# cp <location of new patches>/patch-a[ab] patches
# make all
# make install
NOTE: These patches do NOT solve the vulnerability for FreeBSD 2.0
or 2.0.5. These only solve the problem for 2.1 and later.
Patches specific to FreeBSD 2.0 and 2.0.5 are available at
the URL listed at the top of this file.
=============================================================================
FreeBSD, Inc.
Web Site: http://www.freebsd.org/
Confidential contacts: security-officer@freebsd.org
PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc
Security notifications: security-notifications@freebsd.org
Security public discussion: security@freebsd.org
Notice: Any patches in this document may not apply cleanly due to
modifications caused by digital signature or mailer software.
Please reference the URL listed at the top of this document
for original copies of all patches if necessary.
=============================================================================
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAwUBMdOTfFUuHi5z0oilAQEVkAP/cVHgqsW4GNpShs4RDQYvAphA31vTNiE8
vrfyjpA1GQET/KycQe0xdQWaQ7FF6FwG5ieahHFypqFN2Ze8VW10EuWN/EFhfjh5
vFnCqOW5r84DraP3ttkdR6WKyQXDwt61QBGiO7FYa03Kz29v3n9TO7W0LS+pAhB1
cZZwEwUN318=
=M6FK
-----END PGP SIGNATURE-----
Reference in a new issue View git blame Copy permalink