Re: new suid-perl debian security update breaks qmail-scanner!

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: new suid-perl debian security update breaks qmail-scanner!

Patrick Donker
People,
I found this in the archive and am experiencing the same problem.
I have replaced the line SUIDPERL="${SUIDPERL:-$dir/suidperl}" with
SUIDPERL="${SUIDPERL:-$dir/perl}on line 754 of the ./configure script
(qmail-scanner 1.25), but I still keep on getting the error as described
below.
I am running Sarge with perl-suid 5.8.4-8. How can I fix this because I
am stuck :(

Thanks
-Patrick

>I did just this (except the 'SUIDPERL="${SUIDPERL:-$dir/perl}"' line was
>on line 500) and now it's working perfectly.  thanks for the post!  you
>really saved my day.
>
>thanks,
>Dave
>
>On Mon, Apr 19, 2004 at 08:08:36PM +0200 or thereabouts, Debian wrote:
>> El lun, 19-04-2004 a las 19:58, David Wilk escribi?:
>> > Howdy,
>> >
>> > I noticed that qmail-scanner-queue refuses to run after the last debian
>> > perl update.  I tried to install the latest qmail-scanner, but
>> > unfortunately the ./configure fails reporting:
>> >
>> > <snip>
>> > Testing suid nature of /usr/bin/suidperl...
>> > Whoa - broken perl install found.
>> > Cannot even run a simple script setuid
>> >
>> > Installation of Qmail-Scanner FAILED
>> >
>> > Error was:
>> > suidperl needs fd script
>> > <snip>
>> >
>> > I verified that suidperl is indeed suid root.  Not sure what's going on.
>> > anyone have any ideas?
>> >
>> > thanks,
>> > Dave
>> > --
>> > *******************************
>> > David Wilk
>> > System Administrator
>> > Community Internet Access, Inc.
>> [hidden email]
>>
>> Hi all,
>>
>> this update fixes a security hole in suid-perl and now you cannot exec
>> it directly from /usr/bin/suidperl, u must call it from perl executable.
>> So to fix the problem with qmail-scanner u must edit the qmail-scanner's
>> configure script and replace suidperl with perl in the line where the
>> variable SUIDEPERL is defined (SUIDPERL="${SUIDPERL:-$dir/perl}").
>> That's the line 650 in qmail-scanner-1.21st.
>>
>> This has fixed the problem for me.
>>
>> Greetings
>>
>> --
>> Carlos Solano Lisa
>>
>


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: new suid-perl debian security update breaks qmail-scanner!

Turbo Fredriksson
Quoting Patrick Donker <[hidden email]>:

> People,
> I found this in the archive and am experiencing the same problem.
> I have replaced the line SUIDPERL="${SUIDPERL:-$dir/suidperl}" with
> SUIDPERL="${SUIDPERL:-$dir/perl}on line 754 of the ./configure script
> (qmail-scanner 1.25), but I still keep on getting the error as
> described below.
> I am running Sarge with perl-suid 5.8.4-8. How can I fix this because
> I am stuck :(

I've made packages for my woody system(s):
/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8.diff.gz
/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8.dsc
/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8_i386.changes
/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22.orig.tar.gz

They have this fix. The problem is that SUID perl script should NOT
run '/usr/bin/suidperl' but only '/usr/bin/perl' (but be suid).

In my package, I fix this and a whole lot more. I see no reason why the
building of the 'binary' package shouldn't work on sarge...
--
Cuba KGB arrangements president Honduras domestic disruption smuggle
cracking pits security DES colonel PLO counter-intelligence tritium
[See http://www.aclu.org/echelonwatch/index.html for more about this]


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: new suid-perl debian security update breaks qmail-scanner!

Patrick Donker
Turbo Fredriksson wrote:

>Quoting Patrick Donker <[hidden email]>:
>
>  
>
>>People,
>>I found this in the archive and am experiencing the same problem.
>>I have replaced the line SUIDPERL="${SUIDPERL:-$dir/suidperl}" with
>>SUIDPERL="${SUIDPERL:-$dir/perl}on line 754 of the ./configure script
>>(qmail-scanner 1.25), but I still keep on getting the error as
>>described below.
>>I am running Sarge with perl-suid 5.8.4-8. How can I fix this because
>>I am stuck :(
>>    
>>
>
>I've made packages for my woody system(s):
>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8.diff.gz
>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8.dsc
>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8_i386.changes
>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22.orig.tar.gz
>
>They have this fix. The problem is that SUID perl script should NOT
>run '/usr/bin/suidperl' but only '/usr/bin/perl' (but be suid).
>
>In my package, I fix this and a whole lot more. I see no reason why the
>building of the 'binary' package shouldn't work on sarge...
>  
>
Ok, where can I find these packages and do you also happen to have a
fixed 1.25? I could try and look at your packages to figure out how to
make the latest QS work.

Thanks
-Patrick


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: new suid-perl debian security update breaks qmail-scanner! [SOLVED]

Patrick Donker
In reply to this post by Turbo Fredriksson
Turbo Fredriksson wrote:

>Quoting Patrick Donker <[hidden email]>:
>
>  
>
>>People,
>>I found this in the archive and am experiencing the same problem.
>>I have replaced the line SUIDPERL="${SUIDPERL:-$dir/suidperl}" with
>>SUIDPERL="${SUIDPERL:-$dir/perl}on line 754 of the ./configure script
>>(qmail-scanner 1.25), but I still keep on getting the error as
>>described below.
>>I am running Sarge with perl-suid 5.8.4-8. How can I fix this because
>>I am stuck :(
>>    
>>
>
>I've made packages for my woody system(s):
>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8.diff.gz
>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8.dsc
>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8_i386.changes
>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22.orig.tar.gz
>
>They have this fix. The problem is that SUID perl script should NOT
>run '/usr/bin/suidperl' but only '/usr/bin/perl' (but be suid).
>
>In my package, I fix this and a whole lot more. I see no reason why the
>building of the 'binary' package shouldn't work on sarge...
>  
>
I've compiled the wrapper and that solved the problem. Still I think
that the Perl advisory should be followed and have perl do the suid and
not directly running suidperl.

-Patrick


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: new suid-perl debian security update breaks qmail-scanner!

Turbo Fredriksson
In reply to this post by Patrick Donker
Quoting Patrick Donker <[hidden email]>:

>>I've made packages for my woody system(s):
>>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8.diff.gz
>>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8.dsc
>>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8_i386.changes
>>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22.orig.tar.gz
>>
>>They have this fix. The problem is that SUID perl script should NOT
>>run '/usr/bin/suidperl' but only '/usr/bin/perl' (but be suid).
>>
>>In my package, I fix this and a whole lot more. I see no reason why the
>>building of the 'binary' package shouldn't work on sarge...
>>
>>
> Ok, where can I find these packages and do you also happen to have a
> fixed 1.25? I could try and look at your packages to figure out how to
> make the latest QS work.

Sorry, the URL is 'ftp://ftp.bayour.com/...'.

And I didn't even know that 1.25 existed. I've replaced QS with simscan.
It was just not possible to run QS site-wite on my UltraSPARC III/750Mhz
with 1Gb mem (go figure!! :).

With simscan, everything is dandy!

--
Soviet NORAD Panama Semtex kibo genetic Legion of Doom class struggle
tritium nitrate explosion attack pits supercomputer 747
[See http://www.aclu.org/echelonwatch/index.html for more about this]


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: new suid-perl debian security update breaks qmail-scanner!

Patrick Donker
Turbo Fredriksson wrote:

>Quoting Patrick Donker <[hidden email]>:
>
>  
>
>>>I've made packages for my woody system(s):
>>>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8.diff.gz
>>>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8.dsc
>>>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8_i386.changes
>>>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22.orig.tar.gz
>>>
>>>They have this fix. The problem is that SUID perl script should NOT
>>>run '/usr/bin/suidperl' but only '/usr/bin/perl' (but be suid).
>>>
>>>In my package, I fix this and a whole lot more. I see no reason why the
>>>building of the 'binary' package shouldn't work on sarge...
>>>
>>>
>>>      
>>>
>>Ok, where can I find these packages and do you also happen to have a
>>fixed 1.25? I could try and look at your packages to figure out how to
>>make the latest QS work.
>>    
>>
>
>Sorry, the URL is 'ftp://ftp.bayour.com/...'.
>
>And I didn't even know that 1.25 existed. I've replaced QS with simscan.
>It was just not possible to run QS site-wite on my UltraSPARC III/750Mhz
>with 1Gb mem (go figure!! :).
>
>With simscan, everything is dandy!
>
>  
>
Thanks


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: new suid-perl debian security update breaks qmail-scanner!

Patrick Donker
In reply to this post by Turbo Fredriksson
Turbo Fredriksson wrote:

>Quoting Patrick Donker <[hidden email]>:
>
>  
>
>>>I've made packages for my woody system(s):
>>>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8.diff.gz
>>>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8.dsc
>>>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22-8_i386.changes
>>>/pub/debian/dists/woody-ol2.2/source/Qmail/qmail-scanner_1.22.orig.tar.gz
>>>
>>>They have this fix. The problem is that SUID perl script should NOT
>>>run '/usr/bin/suidperl' but only '/usr/bin/perl' (but be suid).
>>>
>>>In my package, I fix this and a whole lot more. I see no reason why the
>>>building of the 'binary' package shouldn't work on sarge...
>>>
>>>
>>>      
>>>
>>Ok, where can I find these packages and do you also happen to have a
>>fixed 1.25? I could try and look at your packages to figure out how to
>>make the latest QS work.
>>    
>>
>
>Sorry, the URL is 'ftp://ftp.bayour.com/...'.
>
>And I didn't even know that 1.25 existed. I've replaced QS with simscan.
>It was just not possible to run QS site-wite on my UltraSPARC III/750Mhz
>with 1Gb mem (go figure!! :).
>
>With simscan, everything is dandy!
>
>  
>
I was a bit quick sending 'thanks' :)
What I wanted to ask also is, do you recommend simscan over QS? I've
read about it but dont know which is better....The box I am running my
stuff on isnt very exciting either; P3 886 with 300something megs of
ram. Yes I know, more mem should be put in, but that's something I had
planned doing later...

-Patrick


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: new suid-perl debian security update breaks qmail-scanner!

Shane Chrisp
On Sun, 2005-06-05 at 20:21 +0200, Patrick Donker wrote:

> >
> I was a bit quick sending 'thanks' :)
> What I wanted to ask also is, do you recommend simscan over QS?

Most definately. It is faster and much nicer on resources than QS was,
though QS certainly did a great job, Simscan just does it more
efficiently being written in C.

> I've
> read about it but dont know which is better....The box I am running my
> stuff on isnt very exciting either; P3 886 with 300something megs of
> ram. Yes I know, more mem should be put in, but that's something I had
> planned doing later...
>
> -Patrick
>

cheers
Shane

--
Quick, hire a teenager while they still know everything. --Anonymous


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: new suid-perl debian security update breaks qmail-scanner!

Turbo Fredriksson
In reply to this post by Patrick Donker
Quoting Patrick Donker <[hidden email]>:

>>With simscan, everything is dandy!

> What I wanted to ask also is, do you recommend simscan over QS?

Completley depends on the hardware (heard that before!? :).

But I'd still say YES (large, bold letters!).

I love perl more than my girlfriend (well, almost - don't tell her I said
this :). But there is ONE big problem with perl. It eats system resources
like a pig! No matter how much you have, perl just wants more...


If you have something like a dual P4 3.2 with >4Gb memory, you'd STILL
have to reboot every now and then to get all that memory back (perl/QS
doesn't free the memory correctly/propperly).


Simscan is a binary (from C code) so it's MUCH faster starting and if
frees the memory after use - 'you have to', C won't permit it othervise
(well, theory and practise IS different after all :).


There is however ONE problem i stumbled on with Simscan, and i got that
the second day running it... My 'spamd' wasn't running, which made
Simscan (!?!?) fail miserably. On thinks that it could catch that, and
just ignore spamc calling, but it don't (in the version I is using - 1.1).

Simscan have faults and bugs as anything else, but I think it's worth
it - it's so much better on the system resources and so MUCH faster...

> I've
> read about it but dont know which is better....The box I am running my
> stuff on isnt very exciting either; P3 886 with 300something megs of
> ram. Yes I know, more mem should be put in, but that's something I had
> planned doing later...

Then forget QS!!! I can't stress that enough! My dual Ultra SPARC III/750
is _WAY_ faster than yours (not only in pure CPU power - SPARC have a lot
better I/O and memory performance than Intel), and _I_ get into trouble!

Your setup would crash within minutes (if it got the amount of mails _I_
get - roughly 2-3000 / day :).
--
Waco, Texas Nazi cryptographic plutonium kibo president Marxist
Albanian subway class struggle supercomputer jihad killed
counter-intelligence 767
[See http://www.aclu.org/echelonwatch/index.html for more about this]


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]