develooper Front page | perl.perl5.porters | Postings from March 2000

security (and stupidity) bugs in perldoc

Tom Christiansen
March 6, 2000 13:06
security (and stupidity) bugs in perldoc
Message ID:
The following lines are bugs (but are not all of them)

    139     open(TEST,"<$file");
    188             opendir DIR, "@p";
    251             opendir(D,$dir);
    281         open(OUT,">>$tmp") or warn("Can't open $tmp: $!"), return;
    283         close OUT;
    288         my $rslt = `$cmd`;
    291             open(TMP,">>$tmp") or warn("Can't open $tmp: $!"), return;
    297         open(OUT,">>$tmp") or warn("Can't open $tmp: $!"), return;
    306         close OUT;
    456     else {
    457       $tmp = "/tmp/perldoc1.$$";
    458       $buffer = "/tmp/perldoc1.b$$";
    459     }

What's going on here?  This sad story just goes on and on.  

Do people really not realize how important testing the return values
of syscalls is?  Why are we shipping this?  Even worse, don't they
realize why all this evil code in all these programs lets their
password file get scribbled on?

At this point, the only recourse a sysadmin has is to remove virtually
all the Perl utilities other than perl that is--from their system.
It's not because they're pathetically sloppy, though that they are.
It's because they all constitute a clear threat to the account of
anyone who ever runs them, or to the whole system should root ever
run them.  Anyone who's ever run perlbug or perldoc or perlcc or
s2p or any of the rest of the them on a multiuser system is playing
Russian roulette.  And if you've ever done those things as root,
you're trying to take everyone else with you.

I'd hate for to have to start posting security alerts
on the front page, but these are *not* non-serious issues.  Perl needs
to be safe to install on a machine that isn't a single-user toybox.
Right now, it isn't.

--tom Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About