Subject: Re: sperl 5.00503 (and newer ;) exploit
From: Paul Szabo (psz MATHS.USYD.EDU.AU)
Date: Mon Aug 07 2000 - 17:26:27 CDT
- Next message: Michael H. Warfield: "Re: Dangerous Java/Netscape Security Hole"
- Previous message: Joey Hess: "Re: sperl 5.00503 (and newer ;) exploit"
- Maybe in reply to: Michal Zalewski: "sperl 5.00503 (and newer ;) exploit"
- Next in thread: Matthew Kirkwood: "Re: sperl 5.00503 (and newer ;) exploit"
- Next in thread: Paul Szabo: "Re: sperl 5.00503 (and newer ;) exploit"
- Maybe reply: Paul Szabo: "Re: sperl 5.00503 (and newer ;) exploit"
- Reply: Matthew Kirkwood: "Re: sperl 5.00503 (and newer ;) exploit"

There have been some source patches posted. But what if you are too lazy
(or busy) to re-build perl (or the person who built it is on holidays)?
Use a binary editor to patch the suidperl binary, something like:

    cd /usr/local/bin
    cp -i suidperl suidperl.ORIG
    perl -pe 's/mail root/NOmailZZZ/' < suidperl.ORIG > suidperl
    chmod 4711 suidperl

(Your file may be named sperl or sperl5.6.0 or whatever, and permissions or
ownership may vary. Beware.)

Looking for further problems, I checked 'strings suidperl' and it shows
(besides the mail thing, and lots of irrelevant stuff):

    /usr/bin/csh
    /usr/bin/sed
    -e '1,/^#/d
    /bin/sh

Are these dangerous? Where (why) are they used?

Paul Szabo - psz maths.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
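
The same-length string patch described in the message above, as an added example that is not part of the original post: it refuses replacements of a different length (which would shift offsets in the binary), keeps a backup, and restores the original mode instead of assuming 4711. The function names and the stand-in file contents are constructed for illustration.

```python
import os, shutil, stat, tempfile

def patch_same_length(path, old, new, backup_suffix=".ORIG"):
    """Overwrite every occurrence of `old` with `new` without moving any byte."""
    if len(old) != len(new):
        # A shorter or longer string would shift every later offset in the file.
        raise ValueError("replacement must be exactly as long as the original")
    with open(path, "rb") as f:
        data = f.read()
    count = data.count(old)
    if count == 0:
        raise LookupError("pattern not found; binary left untouched")
    st = os.stat(path)
    backup = path + backup_suffix
    if os.path.exists(backup):            # same intent as `cp -i`
        raise FileExistsError(backup)
    shutil.copy2(path, backup)
    # Write beside the target, then rename, so a half-written binary never
    # sits at the real path.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "wb") as f:
        f.write(data.replace(old, new))
    if os.geteuid() == 0:                 # chown first: it can clear setuid
        os.chown(tmp, st.st_uid, st.st_gid)
    os.chmod(tmp, stat.S_IMODE(st.st_mode))   # restores e.g. 4711
    os.replace(tmp, path)
    return count

def demo():
    """Run the patch on a constructed stand-in file, not a real suidperl."""
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, "suidperl")
    # Constructed sample bytes: a fake header plus two embedded strings.
    sample = b"\x7fELF" + b"\x00" * 16 + b"/bin/mail root\x00/bin/sh\x00"
    with open(target, "wb") as f:
        f.write(sample)
    os.chmod(target, 0o4711)
    count = patch_same_length(target, b"mail root", b"NOmailZZZ")
    with open(target, "rb") as f:
        patched = f.read()
    mode = stat.S_IMODE(os.stat(target).st_mode)
    shutil.rmtree(workdir)
    return count, len(sample), patched, mode

if __name__ == "__main__":
    print(demo())
```

The shell redirection in the original commands creates a fresh file, which is why the `chmod 4711` step is needed there; here the mode is read from the original file and reapplied.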