Potentially insecure Perl scripts

Vincent Lefevre vincent at vinc17.net
Thu Jan 24 23:41:20 GMT 2019


On 2019-01-24 15:18:40 +0000, Ian Jackson wrote:
> Ian Jackson writes ("Re: Potentially insecure Perl scripts"):
> > The right answer is to fix the behaviour to be secure and sane by
> > default.  We can arrange for an environment variable for people who
> > want to turn the crazy back on.
> 
> To the Debian Perl maintainers: if I make a patch to make
>   -p -n <>
> use the 3-argument form of open (or equivalent), will you apply it ?

I fear that this is not that simple: I suppose that this will break
scripts that modify @ARGV to make <> secure. :(

Now, perhaps the number of such scripts is close to 0. I don't know.

-- 
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
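
The compatibility concern raised above, as an added example that is not part of the original message or of any Debian or Perl patch: a script that rewrites `@ARGV` so the 2-argument open behind `<>` gets an explicit read mode stops finding its files once each element is opened with 3-argument open. The helper names and the simplified rewriting rule are assumptions made for illustration, and the sample file is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed sample input: a scratch directory holding one ordinary file.
my $dir  = tempdir(CLEANUP => 1);
my $file = "$dir/data.txt";
open(my $out, '>', $file) or die "create $file: $!";
print {$out} "line 1\nline 2\n";
close $out or die "close $file: $!";

# Hypothetical helper (simplified): rewrite an argument so the 2-argument
# open behind <> reads it as a file name with an explicit read mode, rather
# than parsing its first characters as an open mode.
sub protect_for_diamond {
    my ($name) = @_;
    $name = "./$name" unless $name =~ m{^/};
    return "< $name";
}

# Current behaviour: <> opens each element of @ARGV with 2-argument open.
sub count_lines_2arg {
    local @ARGV = @_;
    my @lines = <>;
    return scalar @lines;
}

# Emulation of the proposed behaviour: every element is opened with
# 3-argument open, so the whole string is taken as a literal file name.
sub count_lines_3arg {
    my $count = 0;
    for my $name (@_) {
        open(my $fh, '<', $name)
            or do { warn "Can't open '$name': $!\n"; next };
        my @lines = <$fh>;
        $count += @lines;
        close $fh;
    }
    return $count;
}

my @rewritten = map { protect_for_diamond($_) } $file;
printf "2-arg open, rewritten \@ARGV: %d lines\n", count_lines_2arg(@rewritten);
printf "3-arg open, rewritten \@ARGV: %d lines\n", count_lines_3arg(@rewritten);
printf "3-arg open, original name:   %d lines\n", count_lines_3arg($file);
```

Under 3-argument open the rewritten element names a file literally called `< /…/data.txt`, which does not exist, so the second call reports an open failure and reads nothing.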


