Potentially insecure Perl scripts

To: debian-devel@lists.debian.org
Subject: Potentially insecure Perl scripts
From: Vincent Lefevre <vincent@vinc17.net>
Date: Wed, 23 Jan 2019 14:05:54 +0100
Message-id: <[🔎] 20190123130554.GA23813@cventin.lip.ens-lyon.fr>
Mail-followup-to: debian-devel@lists.debian.org

Hi,

I've just reported

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920269

against gropdf (also reported upstream to bug-groff), about the use of
the insecure null filehandle "<>" in Perl, which can lead to arbitrary
command execution, e.g. when using wildcards.

I've noticed that some other Perl scripts also use this filehandle and
might be affected by the same issue.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

Follow-Ups:
- Re: Potentially insecure Perl scripts
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Potentially insecure Perl scripts
  - From: Alex Mestiashvili <amestia@rsh2.donotuse.de>
- Re: Potentially insecure Perl scripts
  - From: Guillem Jover <guillem@debian.org>

Prev by Date: Bug#920262: ITP: prometheus-postfix-exporter -- Prometheus exporter for Postfix mail servers
Next by Date: Re: Potentially insecure Perl scripts
Previous by thread: Bug#920262: ITP: prometheus-postfix-exporter -- Prometheus exporter for Postfix mail servers
Next by thread: Re: Potentially insecure Perl scripts
Index(es):
- Date
- Thread