(see bug 63437 and bug 63612) Some of us need the suidperl to stay put; so I'd like it if this was introduced as a USE option - this way systems not needing it will be secure, and my (and others') systems won't break every time a new perl version is available, or even worse: I'd chattr +i {suidperl,sperl*} and end up with a non-updating version of an already critical component :/ I'm marking this as major since this is a big issue to me, and probably to others who need it as well!
I'd like to also recommend the USE approach. Perl can be built without suid support, so the current method of just deleting the suidperl and sperl* binaries could be replaced by a USE flag that enables the -Ddo_suid configure option. I will attach a patch to the ebuild that does this.
Created attachment 40308: Patch to add suid USE flag
http://perldoc.com/perl5.8.4/INSTALL.html#suidperl
Yeah, it's insecure but I think people should have the option to install it if they want. It should be disabled by default though, of course.
I agree with Andy, and I understand the risks as well! But - isn't Gentoo supposed to be about the choices? Disable it by default; but give us an option to install it! This should protect the usual morons but give some of us an option to be REAL morons by using suidperl! ;] However, I do not agree with Andy to use 'suid' as the USE keyword; perhaps 'suidperl' would be more appropriate?
Local use flag added that enables perlsuid <-- that's the use flag
*** Bug 63603 has been marked as a duplicate of this bug. ***