[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] suid perl - 2 month old hazard

Subject: Re: [cobalt-users] suid perl - 2 month old hazard
From: flash22@xxxxxxx
Date: Tue Nov 13 16:22:02 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Tue, 13 Nov 2001, Barbara - wrote:

> >For this exploit to work, you need 
> >to have /usr/bin/suidperl setuid.  
> >We do not ship suidperl setuid.  We do 
> >ship the binary, but purposely removed 
> >the suid bit on the program because it 
> >was not needed.  This exploit will not 
> >work unless you have changed permissions 
> >on the suidperl binary.
> 
> Okay now, correct me if I'm wrong, but on my RaQ's,
> SUID **IS** set on this file by default:
> 
> -rws--x--x  2 root  root 517916  Apr  6  1999 suidperl
> 
> It was my understanding that any file with the 's' in
> the permission mode of the binary (-rws--x--x) is
> built with the SUID bit set to *ON* -and- usually

Yup

And i hate to add this, but the Raq2 with factory software has suid bits
set also :(

-rws--x--x   2 root     root       868404 Oct 20  1998 /usr/bin/suidperl

This is perl, version 5.004_04 built for mips-linux

md5sum /usr/bin/suidperl 
525d33b9690cd958ddc39075f5d997ca

Note that up to and including 5.00403 are vulnerable...:(

I don't *think* there ever was an update for this...

gsh

Follow-Ups:
- Re: [cobalt-users] suid perl - 2 month old hazard
  - From: Gerald Waugh

References:
- [cobalt-users] suid perl - 2 month old hazard
  - From: Barbara -

Prev by Date: Re: [cobalt-users] NAMED UPDATE !!!
Next by Date: [cobalt-users] Japanese characters and Apache on the RAQ
Previous by thread: [cobalt-users] suid perl - 2 month old hazard
Next by thread: Re: [cobalt-users] suid perl - 2 month old hazard

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index