develooper Front page | perl.perl5.porters | Postings from October 2012

Re: Security Issues in perl-5.16.x

Thread Previous | Thread Next
David Golden
October 3, 2012 03:57
Re: Security Issues in perl-5.16.x
Message ID:
On Wed, Oct 3, 2012 at 6:16 AM, Leon Timmermans <> wrote:
>> The point that Chip is making is: how would you propose stopping package
>> names from containing nulls? Packages are just hashes internally.
>> Should all packages get set uvar magic that dies if the key contains a
>> null or something like that? That seems pretty ugly.
> Agreed. I'm not seeing any inherent reason why package names shouldn't
> be allowed to contain binary data.

I don't see any inherent reason why they should.

I see an *implementation* detail why they should, which is that they
are implemented using hashes, which do have an inherent reason for
allowing binary data in the keys.

David Golden <>
Take back your inbox! →
Twitter/IRC: @xdg

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About