develooper Front page | perl.perl5.porters | Postings from January 2019

[perl #131562] Multiple crash with eval

Thread Previous
Tony Cook via RT
January 21, 2019 03:37
[perl #131562] Multiple crash with eval
Message ID:
On Thu, 28 Sep 2017 11:03:45 -0700, wrote:
> I think this is a security bug because this bug can write out of
> bound. So
> we get the permission write, this bug can lead to remote code
> execution.
> This bug cause crash program through argument of eval function (denied
> of
> service).

Sorry, I missed this follow up.

If an attacker can feed code to eval, they can feed code like C< system "rm -rf /" >, making other bugs irrelevant.


via perlbug:  queue: perl5 status: open

Thread Previous Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About