Opened by docsnyder at 2006-06-09 12:59
User since
2005-09-08
300 Artikel
BenutzerIn
![[Homepage]](/battie/theme/default/homepage.gif)
![[default_avatar]](/battie/theme/default/default_avatar.gif)
2005-09-08
300 Artikel
BenutzerIn
Habe noch was gefunden, was einen Hinweis auf den auftretenden Effekt gibt:
Ist bei mir zwar Descriptor 4 statt 3, aber das scheint den Effekt wohl zu erklären.
Gruß, Doc
QuoteHowever, if the kernel set-id script feature isn't
isabled, Perl will complain loudly that your set-id
script is insecure. You'll need to either disable the
kernel set-id script feature, or put a C wrapper around
the script. A C wrapper is just a compiled program that
does nothing except call your Perl program. Compiled
programs are not subject to the kernel bug that plagues
set-id scripts.
...
In recent years, vendors have begun to supply systems free
of this inherent security bug. On such systems, when the
kernel passes the name of the set-id script to open to the
interpreter, rather than using a pathname subject to
meddling, it instead passes /dev/fd/3. This is a special
file already opened on the script, so that there can be no
race condition for evil scripts to exploit.
Ist bei mir zwar Descriptor 4 statt 3, aber das scheint den Effekt wohl zu erklären.
Gruß, Doc