Re: Potentially insecure Perl scripts
- Date: Wed, 23 Jan 2019 16:44:07 +0100
- From: Vincent Lefevre <vincent@xxxxxxxxxx>
- Subject: Re: Potentially insecure Perl scripts
On 2019-01-23 15:32:00 +0000, Ian Jackson wrote:
> This is completely mad and IMO the bug is in perl, not in all of the
> millions of perl scripts that used <> thinking it was a sensible thing
> to write.
I agree that it would be better to drop this "feature" of Perl.
It is probably never used, and probably useless (I would rather
use the features from the shell if I need a pipe).
If this is modified, "-" must still be supported as being
regarded as stdin (this one is normally safe, and at least
developers should already be aware of it).
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)