Subject: Re: SetUID scripts
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
From: Aron T. Roberts <aroberts@wolfenet.com>
List: netbsd-help
Date: 07/03/1996 13:33:06

On Wed, 3 Jul 1996, Ken Hornstein wrote:

> Perl gets around this hole by having "suidperl" stat the file that gets opened
> and making sure that there are actually setuid bits on that file and that it
> is owned by root.

Though a major security hole has been found in suidperl in releases 3, 4
and 5... I believe perl 5.003 addresses the problem...

It amounts to being able to gain a root shell with an approximately 4 line
perl script.

I haven't had a chance to test it on my NetBSD box, but the exploit script
worked on FreeBSD, BSDI, Linux, IRIX, among others.



aron roberts
aroberts@wolfenet.com
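
The check described in the quoted text, as an added example that is not part of the original message and is not suidperl's source: it runs fstat() on the already-open descriptor, so the file examined is the file that will be read. The function name, the return codes, the regular-file test and the `required_owner` parameter (0 for root, as in the quote) are assumptions made for this illustration.

```c
/* Added illustration, not suidperl's source. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum script_check {
    SCRIPT_OK = 0,
    SCRIPT_ERR_STAT = -1,        /* fstat() failed (bad descriptor, ...) */
    SCRIPT_ERR_NOT_REGULAR = -2, /* extra check, not mentioned in the message */
    SCRIPT_ERR_NOT_SETUID = -3,  /* no setuid bit on the opened file */
    SCRIPT_ERR_WRONG_OWNER = -4  /* opened file not owned by required_owner */
};

/*
 * Inspect the descriptor the interpreter will read from, not the path.
 * Checking the path again with stat() would let the name be re-pointed
 * at another file between the check and the read.
 */
int check_script_fd(int fd, uid_t required_owner)
{
    struct stat st;

    if (fstat(fd, &st) != 0)
        return SCRIPT_ERR_STAT;
    if (!S_ISREG(st.st_mode))
        return SCRIPT_ERR_NOT_REGULAR;
    if (!(st.st_mode & S_ISUID))
        return SCRIPT_ERR_NOT_SETUID;
    if (st.st_uid != required_owner)
        return SCRIPT_ERR_WRONG_OWNER;
    return SCRIPT_OK;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s script\n", argv[0]); return 2; }
    int fd = open(argv[1], O_RDONLY);
    if (fd < 0) { perror("open"); return 2; }
    int rc = check_script_fd(fd, 0); /* 0 = root, as in the quoted text */
    printf("%s: %s (code %d)\n", argv[1], rc == SCRIPT_OK ? "ok" : "rejected", rc);
    close(fd);
    return rc == SCRIPT_OK ? 0 : 1;
}
```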