develooper Front page | perl.perl5.porters | Postings from October 2012

Re: Security Issues in perl-5.16.x

Thread Previous | Thread Next
From:
demerphq
Date:
October 2, 2012 16:43
Subject:
Re: Security Issues in perl-5.16.x
Message ID:
CANgJU+Vpw0_eF1XMBnMg-rRcba354=xGf1gRk-vY3wFe=-0vOQ@mail.gmail.com
On 3 October 2012 01:40, Chip Salzenberg <rev.chip@gmail.com> wrote:
> On Tue, Oct 2, 2012 at 4:32 PM, Jesse Luehrs <doy@tozt.net> wrote:
>> The point that Chip is making is: how would you propose stopping package
>> names from containing nulls?
>
> Indeed.  And with a large side order of why.

We have had in the past real security issues related to package names
mapping to file names. It is not clear to me that nulls in package
names are intrinsically safe so for the sake of this discussion I am
assuming they are not.

Which seems to me a pretty good reason why.

Yves

-- 
perl -Mre=debug -e "/just|another|perl|hacker/"

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About