[perl #131562] Multiple crash with eval

From: Tony Cook via RT
Date: January 21, 2019 03:37
Subject: [perl #131562] Multiple crash with eval
Message ID: rt-4.0.24-7406-1548041849-1720.131562-15-0@perl.org

On Thu, 28 Sep 2017 11:03:45 -0700, tadinhsung@gmail.com wrote:
> I think this is a security bug because this bug can write out of
> bounds. So we get the permission write, this bug can lead to remote
> code execution.
> This bug causes a program crash through the argument of the eval
> function (denial of service).

Sorry, I missed this follow up.

If an attacker can feed code to eval, they can feed code like C< system "rm -rf /" >, making other bugs irrelevant.

Tony

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=131562
