perl.perl5.porters | Postings from July 2009

[PATCH] Add security contact information to perlsec

David Golden
July 25, 2009 15:59
This patch inserts a short paragraph with security contact
information near the top of the "Perl Security" documentation
page.  This would seem a likely place someone would look for
such information (rather than INSTALL or perldelta where it
lives today).  I've put it at the top, not the bottom
to make it easier to find.
 pod/perlsec.pod |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/pod/perlsec.pod b/pod/perlsec.pod
index 05d9588..d11e3dc 100644
--- a/pod/perlsec.pod
+++ b/pod/perlsec.pod
@@ -12,6 +12,18 @@ with fewer hidden snags.  Additionally, because the language has more
 builtin functionality, it can rely less upon external (and possibly
 untrustworthy) programs to accomplish its purposes.
+If you believe you have found a security vulnerability in Perl, please email with details.  This points to a closed
+subscription, unarchived mailing list.  Please only use this address for
+security issues in the Perl core, not for modules independently distributed on
+=head2 Taint mode
 Perl automatically enables a set of special security checks, called I<taint
 mode>, when it detects its program running with differing real and effective
 user or group IDs.  The setuid bit in Unix permissions is mode 04000, the
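
Review bot: The added paragraph reads "please email with details", with no address between "email" and "with", and its last sentence stops at "independently distributed on", so as shown it does not tell a reporter where to send a report or finish saying which modules are out of scope. The hunk header (-12,6 +12,18) and the diffstat both promise 12 added lines, but only four `+` lines are visible, so the address, the end of the sentence and the blank lines were most likely lost in this copy; the original message should be checked before applying. Two smaller points: `=head2 Taint mode` carries a `+` although it reads like an existing heading, and POD needs a blank line between the new paragraph and that command (and between "its purposes." and the new paragraph) or the heading will be rendered as body text. Since the stated goal is to make the contact easy to find, consider giving the paragraph its own heading so it shows up in the page outline and can be linked to directly.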
