Web lists-archives.com

Re: Potentially insecure Perl scripts




On Wed, 2019-01-23 at 09:07 -0800, Russ Allbery wrote:
> Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx> writes:
> 
> > Apparently this has been klnown about for EIGHTEEN YEARS
> >   https://rt.perl.org/Public/Bug/Display.html?id=2783
> > and no-one has fixed it or even documented it.
> 
> It's been documented for pretty close to eighteen years too.  See
> perlop(1):
> 
>        The null filehandle "<>" is special: it can be used to emulate the
>        behavior of sed and awk, and any other Unix filter program that
>        takes a list of filenames, doing the same to each line of input
>        from all of them.  Input from "<>" comes either from standard
>        input, or from each file listed on the command line.

But this initial description is actively misleading.  It doesn't matter
that the giant booby-trap is documented several paragraphs further
down.  Why would a programmer expect that they need to read further
when they already understand this Unix convention?

There should be a big flashing WARNING or DEPRECATED right at the top
of the description.

[...]
> > I think this is a serious bug in Perl which should be fixed in a
> > security update.
> 
> There is absolutely no way.  So much stuff in Perl depends on this.  You
> will break all kinds of scripts.  It's been a feature of the language for
> basically forever.
[...]

People have said this about ASLR, protected symlinks, and many other
kinds of security hardening changes.  We made them anyway and took the
temporary pain for a long-term security gain.

Ben.

-- 
Ben Hutchings
The most exhausting thing in life is being insincere.
                                                 - Anne Morrow Lindberg


Attachment: signature.asc
Description: This is a digitally signed message part