
Re: Re: Security Issues in perl-5.16.x

From: chromatic
Date: October 1, 2012 13:25
Subject: Re: Re: Security Issues in perl-5.16.x
Message ID: 1419786.oPTrVz5hVi@innerwheel

On Monday, October 01, 2012 10:11:56 PM Leon Timmermans wrote:

> As far as I understand this requires the user to be in control of the
> $path in «require $path».

In some modules (including core modules), you can inject arbitrary code into a 
process by crafting the correct environment variable.

Sure, you have problems if I'm able to modify your environment variables, but 
how often do you audit your environment variables to see if I can exploit your 
Perl?

-- c
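
The following is an added example, not part of the message above and not code from Perl core or any real module. It shows one way to keep an environment variable from reaching `require` unchecked: validate the shape of the value, then match it against an allowlist. The variable `MYAPP_BACKEND` and the `MyApp::Backend::*` package names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allowlist for this example; the only modules the
# environment is permitted to select.
my %ALLOWED = map { $_ => 1 } qw(MyApp::Backend::File MyApp::Backend::Memory);

# Return a validated module name or die. Raw environment text is never
# handed to require.
sub backend_from_env {
    my ($env) = @_;
    my $name = $env->{MYAPP_BACKEND};          # hypothetical variable name
    return 'MyApp::Backend::File' unless defined $name;

    # Shape check: a plain package name only. \A and \z (not ^ and $)
    # so that a trailing newline is rejected as well.
    die "invalid backend name\n"
        unless $name =~ /\A[A-Za-z_][A-Za-z0-9_]*(?:::[A-Za-z0-9_]+)*\z/;

    # A well-formed name is still chosen by whoever set the variable,
    # so it must also be on the allowlist.
    die "backend not allowed: $name\n" unless $ALLOWED{$name};
    return $name;
}

# Load the validated backend. Only ever sees names from the allowlist.
sub load_backend {
    my ($env) = @_;
    my $module = backend_from_env($env);
    (my $file = "$module.pm") =~ s{::}{/}g;    # Foo::Bar -> Foo/Bar.pm
    require $file;
    return $module;
}

# Constructed sample values, checked without loading anything.
for my $value (undef, 'MyApp::Backend::Memory', 'some/path.pl',
               'Other::Module', "MyApp::Backend::File\n") {
    my %env = defined $value ? (MYAPP_BACKEND => $value) : ();
    my $got = eval { backend_from_env(\%env) };
    (my $shown = $value // '(unset)') =~ s/\n/\\n/g;
    print "$shown => ", (defined $got ? "load $got" : "rejected"), "\n";
}
```

Only the unset case and `MyApp::Backend::Memory` are accepted; the path, the unlisted module and the name with a trailing newline are rejected.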
