Re: Potentially insecure Perl scripts
- Date: Fri, 25 Jan 2019 00:41:20 +0100
- From: Vincent Lefevre <vincent@xxxxxxxxxx>
- Subject: Re: Potentially insecure Perl scripts
On 2019-01-24 15:18:40 +0000, Ian Jackson wrote:
> Ian Jackson writes ("Re: Potentially insecure Perl scripts"):
> > The right answer is to fix the behaviour to be secure and sane by
> > default. We can arrange for an environment variable for people who
> > want to turn the crazy back on.
> To the Debian Perl maintainers: if I make a patch to make
> -p -n <>
> use the 3-argument form of open (or equivalent), will you apply it ?
I fear that this is not that simple: I suppose that this will break
scripts that modify @ARGV to make <> secure. :(
Now, perhaps the number of such scripts is close to 0. I don't know.
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
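Added illustration of the compatibility concern in this message; it is not code from the thread or from Perl itself. It assumes a script that pre-processes @ARGV so that the two-argument open behind `<>` treats every entry as a plain file, and shows what a three-argument open then does with the rewritten entries. The names `protect_for_magic_open` and `read_literal` are hypothetical, and the sample file is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical sanitiser of the kind the message refers to: rewrite each
# name so that two-argument open reads it as a plain file. "< " forces
# read mode, "./" shields a leading special character in relative names,
# and "\0" shields trailing whitespace or a trailing "|".
sub protect_for_magic_open {
    return map { my $n = $_; $n = "./$n" unless $n =~ m{^/}; "< $n\0" } @_;
}

# What a <> built on three-argument open would do with an @ARGV entry:
# take the string as a literal file name, with no trimming and no mode
# parsing. Returns the file contents, or undef if the open fails.
sub read_literal {
    my ($name) = @_;
    no warnings;    # newer perls warn about a NUL in a path name
    open(my $fh, '<', $name) or return;
    local $/;       # slurp mode
    return scalar <$fh>;
}

# Constructed sample input: a file whose name ends in a space.
my $dir  = tempdir(CLEANUP => 1);
my $file = "$dir/notes.txt ";
open(my $out, '>', $file) or die "cannot create sample file: $!";
print {$out} "hello\n";
close $out or die "close: $!";

my @argv      = ($file);
my @protected = protect_for_magic_open(@argv);

# The untouched name opens under three-argument semantics; the rewritten
# entry no longer names any existing file, so the same open fails.
for my $entry (@argv, @protected) {
    (my $shown = $entry) =~ s/\0/\\0/g;    # make the NUL visible
    my $data = read_literal($entry);
    print "[$shown] ", (defined $data ? "opened" : "open failed"), "\n";
}
```

A script that needs literal-name handling regardless of how `<>` behaves can loop over @ARGV with three-argument open itself, or use the `<<>>` operator available since Perl 5.22.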