# New Ticket Created by Steve Christey
# Please include the string: [perl #17698]
# in the subject line of all future correspondence about this issue.
# <URL: http://rt.perl.org/rt2/Ticket/Display.html?id=17698 >

Hello,

I am a computer security researcher. I have recently found some ways that programmers could misuse certain Perl functions with potential security implications (no, not the same old open() or system() problems). However, there is a possibility that there are security-related bugs in Perl itself, including a potential bug in the taint checker.

I would like to consult with someone to confirm this issue. Because I don't know who is going to see this email, I am omitting details until I hear from someone. However, one vulnerability researcher has already alluded to the type of problem I am discussing, so the issue is at least partially public.

The Responsible Vulnerability Disclosure Process guidelines [1] suggest that a vendor or developer should respond to an initial security vulnerability report within 7 days. I hope to hear from you within that time frame.

Regards,
Steve Christey
Principal Information Security Engineer
The MITRE Corporation

[1] http://www.ietf.org/internet-drafts/draft-christey-wysopal-vuln-disclosure-00.txt