develooper Front page | perl.perl6.users | Postings from June 2018

Re: EVAL?

Thread Previous | Thread Next
From:
Brandon Allbery
Date:
June 14, 2018 17:44
Subject:
Re: EVAL?
Message ID:
CAKFCL4W=0Dq4o+nZTMKodGXiQeMTofNR=qsedQeYrGSZ1Q+Z8g@mail.gmail.com
That's just a different variant of an old shell "hack": drop a program
named "test" somewhere where root might run a shell script.

Which is why root's path no longer includes the current directory, and
these days nothing outside the system directories.

On Thu, Jun 14, 2018 at 1:37 PM ToddAndMargo <ToddAndMargo@zoho.com> wrote:

> On 06/14/2018 10:30 AM, Brandon Allbery wrote:
> > In short, pragmas are all-same-case "use" names; instead of loading
> > code, they tell the compiler to change its behavior.
> >
> > The MONKEY-* pragmas generally control various kinds of unsafe or
> > dangerous behavior, including direct access to the mechanisms underneath
> > / "supporting" Rakudo and things like EVAL. Other all-uppercase names
> > also generally represent "dangerous" actions or options.
> >
> > There are a few pragmas that are all lowercase instead of all uppercase;
> > they also change the compiler's behavior, but are safer than the
> > all-uppercase ones. "use lib" is one of them. (This is why modules are
> > generally mixed-case names.)
>
>
> Thank you!
>
> Speaking of dangerous, go find a perl program being run by root,
> inject some code into one of its modules, and ...
>


-- 
brandon s allbery kf8nh                               sine nomine associates
allbery.b@gmail.com                                  ballbery@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About