Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!mcsun!cernvax!chx400!bernina!karrer
From: karrer@bernina.ethz.ch (Andreas Karrer)
Newsgroups: comp.lang.perl
Subject: suidperl 4.003 on a Convex
Keywords: suidperl disabled setuid-scripts
Message-ID: <1991May16.180137.25776@bernina.ethz.ch>
Date: 16 May 91 18:01:37 GMT
Organization: Swiss Federal Institute of Technology (ETH), Zurich, CH
Lines: 26

I followed Tom Christiansen's instructions on how to compile perl 4.003
with the ANSI standard Convex cc (no -pcc).

Now I have a problem with setuid perl scripts. It seems that under
ConvexOS 9.0 Convex has "fixed" the security problem inherent in 
set[ug]id #!-scripts. From the chmod(2) man page:

     ...  Additionally, shell
     scripts which have either the set-user-ID bit or set-group-
     ID bit set will not execute if the caller's user/group-ID
     does not match that of the script.

In other words, when you try to run a set[ug]id script, you just get:

	"./script: Not owner."

and suidperl has no chance of ever getting invoked.

What they should have done is that the kernel just ignores the 
set[ug]id bits before it execve's the script.

These C-wrappers jus' tain' telegant.

+-----------
  Andi Karrer, Communication Systems, ETH Zuerich, Switzerland
  karrer@bernina.ethz.ch                 - terible simplifieur