Web lists-archives.com

Re: Potentially insecure Perl scripts




On 2019-01-24 15:18:40 +0000, Ian Jackson wrote:
> Ian Jackson writes ("Re: Potentially insecure Perl scripts"):
> > The right answer is to fix the behaviour to be secure and sane by
> > default.  We can arrange for an environment variable for people who
> > want to turn the crazy back on.
> 
> To the Debian Perl maintainers: if I make a patch to make
>   -p -n <>
> use the 3-argument form of open (or equivalent), will you apply it ?

I fear that this is not that simple: I suppose that this will break
scripts that modify @ARGV to make <> secure. :(

Now, perhaps the number of such scripts is close to 0. I don't know.

-- 
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)