[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Potentially insecure Perl scripts

Ian Jackson writes ("Re: Potentially insecure Perl scripts"):
> The right answer is to fix the behaviour to be secure and sane by
> default.  We can arrange for an environment variable for people who
> want to turn the crazy back on.

To the Debian Perl maintainers: if I make a patch to make
  -p -n <>
use the 3-argument form of open (or equivalent), will you apply it ?

To the Debian security team: would you ship it in a security update ?

We already did a much bigger breaking change with @INC and I have to
say that even though some of my own code broke, I thought that was


Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Reply to: