[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Potentially insecure Perl scripts


I've just reported


against gropdf (also reported upstream to bug-groff), about the use of
the insecure null filehandle "<>" in Perl, which can lead to arbitrary
command execution, e.g. when using wildcards.

I've noticed that some other Perl scripts also use this filehandle and
might be affected by the same issue.

Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to: