develooper Front page | perl.perl5.porters | Postings from October 2012

Re: Security Issues in perl-5.16.x

Thread Previous | Thread Next
From:
Leon Timmermans
Date:
October 3, 2012 03:17
Subject:
Re: Security Issues in perl-5.16.x
Message ID:
CAHhgV8jr7_HziMKiB4_qTs34Sg5JTkKGtme1mJQWYqRDK_DMWQ@mail.gmail.com
On Wed, Oct 3, 2012 at 1:32 AM, Jesse Luehrs <doy@tozt.net> wrote:
> The point that Chip is making is: how would you propose stopping package
> names from containing nulls? Packages are just hashes internally.
> Should all packages get set uvar magic that dies if the key contains a
> null or something like that? That seems pretty ugly.

Agreed. I'm not seeing any inherent reason why package names shouldn't
be allowed to contain binary data.

>I don't see
> anything wrong with package names (keys in a stash) containing nulls,
> although having system calls die when they are given a string containing
> a null could potentially be a good idea.

I think EINVAL is the error you're looking for ;-)

Leon

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About