develooper Front page | perl.perl5.porters | Postings from October 2012

Re: Security Issues in perl-5.16.x

Thread Previous | Thread Next
From:
David Golden
Date:
October 3, 2012 03:57
Subject:
Re: Security Issues in perl-5.16.x
Message ID:
CAOeq1c-ORKWd2ttjbAPN1G5hUO6GVytTd3+3+Chw=4OaWCnfNA@mail.gmail.com
On Wed, Oct 3, 2012 at 6:16 AM, Leon Timmermans <fawaka@gmail.com> wrote:
>
>> The point that Chip is making is: how would you propose stopping package
>> names from containing nulls? Packages are just hashes internally.
>> Should all packages get set uvar magic that dies if the key contains a
>> null or something like that? That seems pretty ugly.
>
> Agreed. I'm not seeing any inherent reason why package names shouldn't
> be allowed to contain binary data.

I don't see any inherent reason why they should.

I see an *implementation* detail why they should, which is that they
are implemented using hashes, which do have an inherent reason for
allowing binary data in the keys.

-- 
David Golden <xdg@xdg.me>
Take back your inbox! → http://www.bunchmail.com/
Twitter/IRC: @xdg

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About