develooper Front page | perl.perl5.porters | Postings from October 2012

Re: Re: Security Issues in perl-5.16.x

Thread Previous | Thread Next
October 1, 2012 13:25
Re: Re: Security Issues in perl-5.16.x
Message ID:
On Monday, October 01, 2012 10:11:56 PM Leon Timmermans wrote:

> As far as I understand this requires the user to be in control of the
> $path in «require $path».

In some modules (including core modules), you can inject arbitrary code into a 
process by crafting the correct environment variable.

Sure, you have problems if I'm able to modify your environment variables, but 
how often do you audit your environment variables to see if I can exploit your 

-- c

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About