Potentially insecure Perl scripts
- Date: Wed, 23 Jan 2019 14:05:54 +0100
- From: Vincent Lefevre <vincent@xxxxxxxxxx>
- Subject: Potentially insecure Perl scripts
I've just reported
against gropdf (also reported upstream to bug-groff), about the use of
the insecure null filehandle "<>" in Perl, which can lead to arbitrary
command execution, e.g. when using wildcards.
I've noticed that some other Perl scripts also use this filehandle and
might be affected by the same issue.
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)