Re: Security Issues in perl-5.16.x

From: Aristotle Pagaltzis
Date: October 2, 2012 16:37
Subject: Re: Security Issues in perl-5.16.x
Message ID: 20121002233731.GA31956@fernweh.plasmasturm.org

* Chip Salzenberg <rev.chip@gmail.com> [2012-10-03 01:15]:
> On Mon, Oct 1, 2012 at 11:56 PM, Aristotle Pagaltzis <pagaltzis@gmx.de> wrote:
> > * Chip Salzenberg <rev.chip@gmail.com> [2012-10-02 07:05]:
> >> If you meant only to restrict only strings handed to require and do
> >> FILE, I would not fork Perl for that. Of course I would still hold
> >> you in derision for demanding it, given its utter uselessness; and
> >> I would enthusiastically mock anyone who decided to go along with you.
> >> But I wouldn't fork Perl.
> >
> > Just because? Or do you have any use for that?
>
> I do have a use. For the first example off the top of my head, I've
> made some spam-fighting software that uses packed IPv4 addresses as
> hash keys. Those have NULs in them for sure.
>
> I truly can't believe this is a question. Strings can have NULs in
> them. Hash keys are strings...

That is because no one asked such a question. Did you notice which part
of your post I quoted? Didn’t the silliness of what you thought I was
asking give you any pause?

I was asking about `require`, `open`, etc passing on strings with NULs
in the middle to syscalls. You said you would not be opposed to making
them refuse to, but would gleefully mock whoever demanded it. I wanted
to know the basis for the promised mocking. Please concentrate.

So, again: what use do you have for `require` passing middle-of-string
NULs through?

Regards,
-- 
Aristotle Pagaltzis // <http://plasmasturm.org/>
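
Added example, not part of the original message or of Perl's source: a C sketch of the mismatch the thread is about, where a counted string (as a Perl scalar is) with a middle-of-string NUL is seen as a shorter name by any NUL-terminated C interface, plus a guard that refuses such paths. The `counted_str` type, the function names and the sample paths are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* A counted string, standing in for how a Perl scalar carries its own
 * length (hypothetical type for this example, not Perl's internals). */
struct counted_str {
    const char *buf;
    size_t len;
};

/* Length of the name a NUL-terminated C API would actually see. */
size_t c_visible_len(struct counted_str s)
{
    const char *nul = memchr(s.buf, '\0', s.len);
    return nul ? (size_t)(nul - s.buf) : s.len;
}

/* 1 if a NUL sits before the end of the counted string, i.e. the
 * C-visible name differs from what the caller's checks looked at. */
int has_embedded_nul(struct counted_str s)
{
    return c_visible_len(s) != s.len;
}

/* Suffix check on the full counted string, as script-level validation
 * would perform it. */
int ends_with(struct counted_str s, const char *suffix)
{
    size_t n = strlen(suffix);
    return s.len >= n && memcmp(s.buf + s.len - n, suffix, n) == 0;
}

/* Guard: accept a path only if it has the suffix and no embedded NUL.
 * Returns 0 on accept, -1 on reject. */
int check_path(struct counted_str s, const char *suffix)
{
    if (has_embedded_nul(s))
        return -1;
    return ends_with(s, suffix) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample inputs. */
    struct counted_str ok  = { "Foo/Bar.pm", 10 };
    struct counted_str bad = { "Foo/Bar\0.pm", 11 };
    printf("ok:  visible=%zu check=%d\n", c_visible_len(ok), check_path(ok, ".pm"));
    printf("bad: suffix_ok=%d visible=%zu check=%d\n",
           ends_with(bad, ".pm"), c_visible_len(bad), check_path(bad, ".pm"));
    return 0;
}
```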
