
[perl #130100] local code execution flaw in win32/bin/search.pl

From: Tony Cook via RT
Date: January 31, 2017 04:20
Subject: [perl #130100] local code execution flaw in win32/bin/search.pl
Message ID: rt-4.0.24-22968-1485836439-884.130100-15-0@perl.org

On Wed, 16 Nov 2016 06:51:08 -0800, john@nixnuts.net wrote:
> On Wed, 2016-11-16 at 01:32 -0800, Sawyer X via RT wrote:
> > I've been looking at it. It reports to be a find + grep, but better
> > (more options, faster, etc.). The last meaningful commit on it was in
> > 2003.
> >
> > Does anyone object to removing it? It could be moved onto CPAN (and
> > fixed), but also removed outright.
> >
> > Tony, if you approve, I can email on the list plans to remove it and
> > ask if anyone objects or would like to move it to CPAN.
> >
> 
> I wasn't aware that '|' is a reserved filename character on Windows.
> Since that is the case, I'd agree this isn't a vulnerability.

This ticket is now public.

> Removal sounds like a good solution to me.

The discussion at:

http://www.nntp.perl.org/group/perl.perl5.porters/2016/11/msg241072.html

concluded with removing it in 5.30.

Tony


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=130100


