Fortunately, sometimes this kernel "feature" can be disabled.
Unfortunately, there are two ways to disable it. The system can simply
outlaw scripts with any set-id bit set, which doesn't help much.
-Alternately, it can simply ignore the set-id bits on scripts. If the
-latter is true, Perl can emulate the setuid and setgid mechanism when it
-notices the otherwise useless setuid/gid bits on Perl scripts. It does
-this via a special executable called F<suidperl> that is automatically
-invoked for you if it's needed.
+Alternately, it can simply ignore the set-id bits on scripts.
However, if the kernel set-id script feature isn't disabled, Perl will
complain loudly that your set-id script is insecure. You'll need to
should never have to specify this yourself. Most modern releases of
SysVr4 and BSD 4.4 use this approach to avoid the kernel race condition.
-Prior to release 5.6.1 of Perl, bugs in the code of F<suidperl> could
-introduce a security hole.
-
=head2 Protecting Your Programs
There are a number of ways to hide the source to your Perl programs,