Re: Upcoming change to perl: current directory in @INC

To: debian-devel@lists.debian.org
Subject: Re: Upcoming change to perl: current directory in @INC
From: Russ Allbery <rra@debian.org>
Date: Fri, 09 Sep 2016 12:48:19 -0700
Message-id: <[🔎] 87a8fgq2gs.fsf@hope.eyrie.org>
In-reply-to: <[🔎] 20160909121512.GC18696@zira.vinc17.org> (Vincent Lefevre's message of "Fri, 9 Sep 2016 14:15:12 +0200")
References: <20160829133947.GA9221@themisto.larted.org.uk> <[🔎] CANBHLUjOauXfUYK29uFoN88yznKLSjKR167_3ECgMQWummSAOw@mail.gmail.com> <[🔎] 20160908110421.gjmzn576vg6vxtbp@exolobe3> <[🔎] 87twdq4cqx.fsf@hope.eyrie.org> <[🔎] 20160909121512.GC18696@zira.vinc17.org>

Vincent Lefevre <vincent@vinc17.net> writes:
> On 2016-09-08 08:44:54 -0700, Russ Allbery wrote:

>> That's a little better but not a lot better.  It means that it's still
>> unsafe to run any script out of a world-writeable directory such as
>> /tmp, even if the sticky bit is set.

> Running things in /tmp or its subdirectories is prone to security
> bugs people do not care to fix.

And yet, sadly, people do it all the time.  :(

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

References:
- Re: Upcoming change to perl: current directory in @INC
  - From: Dimitri John Ledkov <xnox@debian.org>
- Re: Upcoming change to perl: current directory in @INC
  - From: Lars Wirzenius <liw@liw.fi>
- Re: Upcoming change to perl: current directory in @INC
  - From: Russ Allbery <rra@debian.org>
- Re: Upcoming change to perl: current directory in @INC
  - From: Vincent Lefevre <vincent@vinc17.net>

Prev by Date: Re: Standards-Version field should be deprecated
Next by Date: Re: Network access during build
Previous by thread: Re: Upcoming change to perl: current directory in @INC
Next by thread: Re: Upcoming change to perl: current directory in @INC
Index(es):
- Date
- Thread