# qmail-scanner and setuid perl

## seb|seb|seb

Hi guys,

once again my qmail is b0rked, and I am completely stuck, no mail is coming in or out. I get a '451 qq temporary problem (#4.3.0)'. Log files indicate that qmail-scanner cannot exec sperl.

I am using qmail-1.03-r15, qmail-scanner-1.16-r2, spamassassin-2.64 with perl-5.8.4-r1. I checked qmail, which is running fine locally, i.e. as long as qmail-scanner isn't used. qmail-scanner broke when I updated perl, and now I cannot even emerge qmail-scanner successfully. The error is  

```
Error was:

Can't do setuid (cannot exec sperl)

```

Additionnally, it seems that the perl search path doesn't include /usr/lib/perl/5.8.4, where some needed modules are located. When running qmail-scanner -h manually, I get an error like this :

```

Can't locate Sys/Syslog.pm in @INC (@INC contains: /etc/perl /usr/lib/perl5/site_perl/5.8.0/i686-linux /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i686-linux /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.0/i686-linux /usr/lib/perl5/5.8.0 /usr/local/lib/site_perl) at /var/qmail/bin/qmail-scanner-queue.pl line 73.

BEGIN failed--compilation aborted at /var/qmail/bin/qmail-scanner-queue.pl line 73.

```

Syslog.pm is actually under /usr/lib/perl5/5.8.4/i686-linux-thread-multi/Sys/Syslog.pm. So everything boils down to perl not being able to run setuid and not finding required modules.

I tried to re-emerge perl, qmail, qmail-scanner, spamaassin, to no avail. Anyone having the same problems ?

----------

## seb|seb|seb

OK once again I found the solution myself : the perl-5.8.4-r1 ebuilds deletes the suid-version of the perl binary. To keep these files, required by qmail-scanner and possibly some webmails, juste comment these lines in /usr/portage/dev-lang/perl/perl-5.8.4-r1.ebuild :

```

   rm ${D}/usr/bin/sperl${PV}

   rm ${D}/usr/bin/suidperl

   rm ${D}/usr/bin/perl

   ln -s perl${PV} ${D}/usr/bin/perl

```

close to line 260. Now perl is installed with the suid versions. It seems that this presents a security risk, but I couldn't make qmail-scanner work without theses files.

----------

## crowbar

Or you can edit the ebuild and disable the suid-perl check since the build installs the wrapper script by default:  Just add the following after the configure in the ebuild:

```
    --skip-setuid-test \ 
```

----------

## ElForesto

I got to find out about that little problem the hard way too. Thanks for the tips about modding the e-build. I'm going to be very careful of it from now on.

----------

## deboeck

In case anyone encounters this problem, here's another solution :

```
USE="perlsuid" emerge perl
```

So you don't have to change the ebuild to install suidperl.

Cheers,

Steven

----------

