Re: Potentially insecure Perl scripts
Ian Jackson writes ("Re: Potentially insecure Perl scripts"):
> Even if we care only about scripts which are part of Debian, rather
> than scripts which people merely expect to run on Debian (and where
> they trust Debian to not blow their leg off), there will probably be
> many thousands.
I asked codesearch about
and got 10780 results.
- does not include situations where -p and -e are wrong
- does not include other dangerous uses of <>
- it does probably include some scripts which will never
  see potentially hostile filenames
- will include some matches in things other than Perl but
  probably not many
I think this does mean that *at least* 10780 locations in Debian would
need to be looked at by a human being to see what to do about them.
I think, effectively, you are proposing a >10780-bug MBF?
Ian Jackson <email@example.com> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.