Nicholas Clark
2009-06-25 16:09:53 UTC
In perl.git, the branch maint-5.10 has been updated
<http://perl5.git.perl.org/perl.git/commitdiff/f02f2790e7a8c5456448fad11f9fdd4e97ce3468?hp=ddcf29769ffdf3a0336eb098f25cfd0a409ba95d>
- Log -----------------------------------------------------------------
commit f02f2790e7a8c5456448fad11f9fdd4e97ce3468
Author: Paul Fenwick <***@perltraining.com.au>
Date: Fri Jun 26 02:03:42 2009 +1000
Loudly proclaim that suidperl is depcated in perlsec.pod
-----------------------------------------------------------------------
Summary of changes:
pod/perlsec.pod | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/pod/perlsec.pod b/pod/perlsec.pod
index 59980d6..6ab0eb4 100644
--- a/pod/perlsec.pod
+++ b/pod/perlsec.pod
@@ -358,7 +358,11 @@ notices the otherwise useless setuid/gid bits on Perl scripts. It does
this via a special executable called F<suidperl> that is automatically
invoked for you if it's needed.
-However, if the kernel set-id script feature isn't disabled, Perl will
+B<The use of suidperl is considered deprecated>, and will removed
+in Perl 5.12.0. It is I<strongly> recommended that all code uses
+the simplier and more secure C-wrappers described below.
+
+If the kernel set-id script feature isn't disabled, Perl will
complain loudly that your set-id script is insecure. You'll need to
either disable the kernel set-id script feature, or put a C wrapper around
the script. A C wrapper is just a compiled program that does nothing
@@ -388,7 +392,8 @@ should never have to specify this yourself. Most modern releases of
SysVr4 and BSD 4.4 use this approach to avoid the kernel race condition.
Prior to release 5.6.1 of Perl, bugs in the code of F<suidperl> could
-introduce a security hole.
+introduce a security hole. The use of F<suidperl> is considered
+deprecated, and will be removed in Perl 5.12.0.
=head2 Protecting Your Programs
--
Perl5 Master Repository
<http://perl5.git.perl.org/perl.git/commitdiff/f02f2790e7a8c5456448fad11f9fdd4e97ce3468?hp=ddcf29769ffdf3a0336eb098f25cfd0a409ba95d>
- Log -----------------------------------------------------------------
commit f02f2790e7a8c5456448fad11f9fdd4e97ce3468
Author: Paul Fenwick <***@perltraining.com.au>
Date: Fri Jun 26 02:03:42 2009 +1000
Loudly proclaim that suidperl is depcated in perlsec.pod
-----------------------------------------------------------------------
Summary of changes:
pod/perlsec.pod | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/pod/perlsec.pod b/pod/perlsec.pod
index 59980d6..6ab0eb4 100644
--- a/pod/perlsec.pod
+++ b/pod/perlsec.pod
@@ -358,7 +358,11 @@ notices the otherwise useless setuid/gid bits on Perl scripts. It does
this via a special executable called F<suidperl> that is automatically
invoked for you if it's needed.
-However, if the kernel set-id script feature isn't disabled, Perl will
+B<The use of suidperl is considered deprecated>, and will removed
+in Perl 5.12.0. It is I<strongly> recommended that all code uses
+the simplier and more secure C-wrappers described below.
+
+If the kernel set-id script feature isn't disabled, Perl will
complain loudly that your set-id script is insecure. You'll need to
either disable the kernel set-id script feature, or put a C wrapper around
the script. A C wrapper is just a compiled program that does nothing
@@ -388,7 +392,8 @@ should never have to specify this yourself. Most modern releases of
SysVr4 and BSD 4.4 use this approach to avoid the kernel race condition.
Prior to release 5.6.1 of Perl, bugs in the code of F<suidperl> could
-introduce a security hole.
+introduce a security hole. The use of F<suidperl> is considered
+deprecated, and will be removed in Perl 5.12.0.
=head2 Protecting Your Programs
--
Perl5 Master Repository