Front page | perl.perl5.porters |
Postings from May 2003
-----BEGIN PGP SIGNED MESSAGE-----
Moin,
>-------- Original Message --------
>Subject: Re: [perl #22224] patch perldiag.pod for POSIX functions,
>diagnostics.t
>Date: Thu, 22 May 2003 22:42:37 -0600
>From: Jim Cromie <jcromie@divsol.com>
>To: perl-qa@perl.org
>References: <20030520133002.25016.qmail@web41812.mail.yahoo.com>
>+ system("perldoc $name| /usr/bin/less +/$f
>+ return 1;
>+ }
>+ if ($msg{$_} =~ m|See (\w+)/(\w+)|) {
>+ $name = $1; $sect = $2;
>+ print"err=$orig,name=$name,sect=$sect,pkg=$pkg,func=$func\n";
>+ system("perldoc $name| /usr/bin/less +/$sect");unc");
Does anybody else see potential ways to abuse this by having system
executing $name = ';rm * -fR'; "perldoc $name|..." someday in the future
(when the \w+ is relaxed by somebody else for instance,or modified by
another patch)?
Best wishes,
Tels
- --
Signed on Mon May 26 21:11:37 2003 with http://bloodgate.com/tels.asc
perl -MDev::Bollocks -le'print Dev::Bollocks->rand()'
administratively embrace exceptional architectures
http://www.notcpa.org/ You have the freedom to run any code. Yet.
http://bloodgate.com/perl My current Perl projects
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
iQEVAwUBPtJm6XcLPEOTuEwVAQHKCgf/UEiAfzYnl7krQhIDq9lBkBGmd+Lqle/V
i2SEn8e0AcIrZMxeUjiUdXkD0YrqI48mxBOj3XfFirVD5KzvJ5SmrIzJNKNt7QVA
urIfHC+YiJGms0eX+4FwfTBbTiEMsBK49xKSaiNuW+v7DprM1mRhtBXoCZb3k7hH
ewmPA5mesY/RWVaFczSAuDfF9hu9NJWowyBMk7jV5Wa27v+CILiHoQqjbGEk65Pw
P9k4V9RGdBoB718ebB5KhNsGK+e+X3kGall62L8d0c49gB3HuUN/ziLq6XWPOJ/i
OnTUGr4xcdmrByjjYIW4KT05KqKVwJbChbXQbV2+Q3TGJ/GDaAkHrg==
=g0th
-----END PGP SIGNATURE-----
Thread Previous
|
Thread Next