Ton Hospel wrote:
> In article <20031027002524.7b444942.rgarciasuarez@_ree._r>,
> Rafael Garcia-Suarez <rgarciasuarez@free.fr> writes:
> > Maybe do nothing and let people shoot in their feet.
> >
> > Maybe just forbid aliasing *ENV at all. (with the collateral damage
> > on $ENV etc.) (or couldn't this chained alias thing be solved
> > by looking at the GvEGV ?)
>
> Crashing, dying, compile errors etc. are all solutions (though
> certainly not my preferred solutions), but doing nothing isn't
> acceptable since it's a potential security hole.

I just fixed the coredump case. It was very data-dependent and didn't
always occur; most of the time it only corrupted memory.

> (my expectation and preferred solution was already mentioned in my
> previous message)

I don't like special-casing "local *ENV" over all other "local *symbol".

Other proposal: in TAINT_ENV, the routine that checks for a tainted
environment, croak() if %ENV hasn't environment-magic, or if the hash
slot of the *ENV glob is empty. This modifies only the behaviour of
perl with -T.