You are not logged in.

#1 2006-11-07 15:01:46

jyrihovila
Member
Registered: 2006-10-30
Posts: 13

perl-suid package?

Hi!

I ran to the same problem as some other Arch Linux users: in order to use qmail-scanner, I need to have perl-suid installed - or Perl compiled with SUID enabled to be exact. Now I would not like to compile Perl from scratch, as that means I won't be able to upgrade it using pacman -Syu later.

Many distributions seem to have a separate perl-suid package. I'm hoping someone would see the trouble of creating one for Arch Linux. I would do it myself if I only had the time to learn how, but my schedule is already 200% full so...

Any volunteers..? wink

- Jyri

Offline

#2 2006-11-07 15:37:22

jyrihovila
Member
Registered: 2006-10-30
Posts: 13

Re: perl-suid package?

Hi again!

I did some more googling, and it turns out that the whole perl-suid thing is probably going to go away, as it's proven out to be an endless source of security problem.

Good news is that I found a way to make qmail-scanner work without perl-suid. Actually the instructions can be found from qmail-scanner FAQ, but here's a quick-and-dirty version just in case somebody is looking for a solution from this forum.

What you have to do is compile and install a C setuid wrapper program, which handles the setuid part and launches qmail-scanner-queue.pl.

I'm assuming that:

- your qmail-scanner source code is located at /usr/local/src/qmail-scanner-x.xx
- /var/qmail/bin is your qmail binary directory
- /var/qmail/bin/qmail-scanner-queue.pl is already installed

Here's what you have to do:

1. cd /usr/local/src/qmail-scanner-x.xx/contrib

2. make

3. make install

4. chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl

5. make sure your qmail-scanner-queue.pl begins with a line "#!/usr/bin/perl" instead of "#!/usr/bin/suidperl"

6. modify QMAILQUEUE variable so that it's set to "/var/qmail/bin/qmail-scanner-queue" instead of "/var/qmail/bin/qmail-scanner-queue.pl"

7. restart daemontools, inetd, xinetd - or whichever superdaemon you use to launch qmail

These steps worked at least for me. smile

- Jyri

Offline

Board footer

Powered by FluxBB