Re: Upcoming change to perl: current directory in @INC
Vincent Lefevre <vincent@vinc17.net> writes:
> On 2016-09-08 08:44:54 -0700, Russ Allbery wrote:
>> That's a little better but not a lot better. It means that it's still
>> unsafe to run any script out of a world-writeable directory such as
>> /tmp, even if the sticky bit is set.
> Running things in /tmp or its subdirectories is prone to security
> bugs people do not care to fix.
And yet, sadly, people do it all the time. :(
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: