develooper Front page | perl.perl5.porters | Postings from October 2012

Re: Security Issues in perl-5.16.x

Thread Previous | Thread Next
David Golden
October 2, 2012 16:36
Re: Security Issues in perl-5.16.x
Message ID:
On Tue, Oct 2, 2012 at 7:15 PM, Chip Salzenberg <> wrote:
> On Tue, Oct 2, 2012 at 6:12 AM, David Golden <> wrote:
>> Imagine some poorly implemented web server
>> that dumps query parameters into %ENV
> That's not a useful starting case.  It is stunningly insecure, NULs or no NULs.

Agreed.  But I can't get my brain around where the risk of untainted
%ENV keys comes from -- so I'm looking for something implausible that
perhaps smarter people than I can work back from.

David Golden <>
Take back your inbox! →
Twitter/IRC: @xdg

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About