| Summary: | suidperl suggestion | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Torgeir Hansen <torgeir> |
| Component: | New packages | Assignee: | Gentoo Perl team <perl> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | andy, jparedes |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 63461 | ||
| Attachments: | Patch to add suid USE flag | ||
|
Description
Torgeir Hansen
2004-09-20 23:08:09 UTC
I'd like to also recommend the USE approach. Perl can be built without suid support, so the current method of just deleting the suidperl and sperl* binaries could be replaced by a USE flag that enables the -Ddo_suid configure option. I will attach a patch to the ebuild that does this. Created attachment 40308 [details, diff]
Patch to add suid USE flag
Yeah, it's insecure but I think people should have the option to install it if they want. It should be disabled by default though, of course. I agree with Andy, and I understand the risks aswell! But - isn't gentoo supposed to be about the choices? Disable it by default; but give us an option to install it! This should protect the usual morons but give some of us an option to be REAL morons by using suidperl! ;] However, I do not agree with andy to use 'suid' as the USE keyword, perhaps 'suidperl' would be more appropriate? Local use flag added that enables perlsuid <-- that's the use flag |
