
Re: Security Issues in perl-5.16.x

Aristotle Pagaltzis
October 2, 2012 16:37
* Chip Salzenberg <> [2012-10-03 01:15]:
> On Mon, Oct 1, 2012 at 11:56 PM, Aristotle Pagaltzis <> wrote:
> > * Chip Salzenberg <> [2012-10-02 07:05]:
> >> If you meant only to restrict only strings handed to require and do
> >> FILE, I would not fork Perl for that. Of course I would still hold
> >> you in derision for demanding it, given its utter uselessness; and
> >> I would enthusiastically mock anyone who decided to go along with you.
> >> But I wouldn't fork Perl.
> >
> > Just because? Or do you have any use for that?
>
> I do have a use. For the first example off the top of my head, I've
> made some spam-fighting software that uses packed IPv4 addresses as
> hash keys. Those have NULs in them for sure.
>
> I truly can't believe this is a question. Strings can have NULs in
> them. Hash keys are strings...

That is because no one asked such a question. Did you notice which part
of your post I quoted? Didn’t the silliness of what you thought I was
asking give you any pause?

I was asking about `require`, `open`, etc passing on strings with NULs
in the middle to syscalls. You said you would not be opposed to making
them refuse to, but would gleefully mock whoever demanded it. I wanted
to know the basis for the promised mocking. Please concentrate.

So, again: what use do you have for `require` passing middle-of-string
NULs through?

Aristotle Pagaltzis // <>
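
The distinction argued over in this message, as an added example that is not part of the original post or of perl itself: NULs inside hash keys are ordinary data, while a string with a NUL in the middle is refused before it is used as a path. The helper names `checked_path` and `checked_open` are hypothetical, and the inputs are constructed.

```perl
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);

# Hypothetical helper: refuse a path with an embedded NUL before it can reach
# a syscall, where the C string would end at the first NUL byte.
sub checked_path {
    my ($path) = @_;
    die "undefined path\n" unless defined $path;
    if ((my $pos = index($path, "\0")) >= 0) {
        die sprintf("NUL at offset %d; a C API would see only '%s'\n",
            $pos, substr($path, 0, $pos));
    }
    return $path;
}

# Hypothetical wrapper: three-argument open on a path that passed the check.
sub checked_open {
    my ($mode, $path) = @_;
    open(my $fh, $mode, checked_path($path)) or die "open failed: $!\n";
    return $fh;
}

# Hash keys are plain strings: a packed IPv4 address with NUL bytes is fine.
my %seen;
my $key = inet_aton("10.0.0.1");    # 4 bytes: 0x0a 0x00 0x00 0x01
$seen{$key}++;
printf "hash key for %s: %d bytes, contains NUL: %s, count: %d\n",
    inet_ntoa($key), length($key),
    (index($key, "\0") >= 0 ? "yes" : "no"), $seen{$key};

# Constructed path inputs: one clean, one with a NUL in the middle.
for my $candidate ("/etc/hostname", "/etc/hostname\0.txt") {
    my $ok = eval { checked_path($candidate); 1 };
    (my $shown = $candidate) =~ s/\0/\\0/g;    # make the NUL visible in output
    print $ok ? "accepted: $shown\n" : "rejected: $shown ($@)";
}
```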
