develooper Front page | perl.perl5.porters | Postings from October 2012

Re: Security Issues in perl-5.16.x

Thread Previous | Thread Next
Reini Urban
October 1, 2012 18:44
Re: Security Issues in perl-5.16.x
Message ID:
On Mon, Oct 1, 2012 at 8:33 PM, Aristotle Pagaltzis <> wrote:
> * Reini Urban <> [2012-10-02 03:05]:
>> There is no need at all to allow \0 in names at all, and \0 being
>> passed to system ops need to caught. There cannot be any \0 in
>> usernames, group names, filenames, dir names and such. People know
>> about strings but not about names.
> Is there any reason for interfaces to NUL-sensitive syscalls not to
> always check and die if they’re asked to pass a string that contains
> NULs? The way I see it, regardless of whether there even are security
> implications or not, Perl is being asked to do something it cannot. To
> my mind it should give up and tell the user that, instead of silently
> doing some proximate other thing.


This argument was in the past always ignored and left over to
additional modules.
This gives a bad reputation to perl as language.
Reini Urban

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About