63603 – Perl setuid emulation support breaks with perl-5.4.8-r1 ebuild

Bug 63603 - Perl setuid emulation support breaks with perl-5.4.8-r1 ebuild

Summary: Perl setuid emulation support breaks with perl-5.4.8-r1 ebuild

Status:	RESOLVED DUPLICATE of bug 64823

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High major
Assignee:	Gentoo Perl team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-09-10 16:16 UTC by Julian Paredes
Modified:	2005-07-17 13:06 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Julian Paredes 2004-09-10 16:16:06 UTC

After i updated from perl-5.4.8 to perl-5.4.8-r1, support for setuid emulation doesn't seems to work anymore. I've noticed this when i accesed to a perl cgi script under apache.

Reproducible: Always
Steps to Reproduce:
1.emerge perl-5.4.8-r1
2.access to a perl cgi script which requires setuid exec permissions to access to some libraries outside apache user scope


Actual Results:  
Says it could not locate sperl

Expected Results:  
Successful execution

Portage 2.0.50-r11 (default-x86-2004.0, gcc-3.3.4, glibc-2.3.3.20040420-r1, 
2.4.26-gentoo-r9)
=================================================================
System uname: 2.4.26-gentoo-r9 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz
Gentoo Base System version 1.4.16
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.5-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/s
hare/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium4 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="ftp:///ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ 
ftp://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ 
ftp://ftp.isu.edu.tw/pub/Linux/Gentoo http://mirror.datapipe.net/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X apm arts avi berkdb bitmap-fonts crypt cups encode foomaticdb gdbm gif 
gnome gpm gtk gtk2 imlib java jpeg kde libg++ libwww mad mikmod motif mpeg 
mysql ncurses nls oggvorbis opengl oss pam pdflib perl png python qt quicktime 
readline sdl slang spell ssl svga tcpd truetype x86 xml2 xmms xprint xv zlib"

Comment 1 Andrew Ross (RETIRED) gentoo-dev

2004-09-10 23:34:19 UTC

From the ebuild:

"# 2004.07.28 rac

    # suidperl has had a history of security trouble, and the
    # perldelta has recommended against using it for a while.  genone
    # alerted me to the fact that the hardlinks aren't carrying
    # through the staging directory, and we end up with four copies of
    # perl, basically.  two normal, two suid.  fix this up here, and
    # delete suidperl entirely.  if this causes outrage, here's where
    # to fix."

I guess it's up to the perl devs to decide if this is INVALID - perhaps suid could be introduced as a local use flag (disabled by default)?

Comment 2 Julian Paredes 2004-09-11 07:15:15 UTC

I agree this could be an optional USE flag, but for compat purposes i'm totally against removing setuid emulation support...

Comment 3 Michael Cummings (RETIRED) gentoo-dev

2004-10-02 08:55:55 UTC

Already fixed.

*** This bug has been marked as a duplicate of 64823 ***