Potentially insecure Perl scripts
Hi,
I've just reported
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920269
against gropdf (also reported upstream to bug-groff), about the use of
the insecure null filehandle "<>" in Perl, which can lead to arbitrary
command execution, e.g. when using wildcards.
I've noticed that some other Perl scripts also use this filehandle and
might be affected by the same issue.
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Reply to: