Perl FAQ 5.13: Why do setuid Perl scripts complain about kernel problems?

Perl FAQ 5.13

Why do setuid Perl scripts complain about kernel problems?

This message:

    YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!
    FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!
is triggered because setuid scripts are inherently insecure due to a kernel bug. If your system has fixed this bug, you can compile Perl so that it knows this. Otherwise, create a setuid C program that just execs Perl with the full name of the script. Here's what the perldiag(1) man page says about this message:

    YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!
      (F) And you probably never will, since you probably don't have
      the sources to your kernel, and your vendor probably doesn't
      give a rip about what you want.  Your best bet is to use the
      wrapsuid script in the eg directory to put a setuid C wrapper
      around your script.


Other resources at this site: