Re: Potentially insecure Perl scripts

To: Vincent Lefevre <vincent@vinc17.net>
Cc: debian-devel@lists.debian.org
Subject: Re: Potentially insecure Perl scripts
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Wed, 23 Jan 2019 15:32:00 +0000
Message-id: <[🔎] 23624.35056.535579.997708@chiark.greenend.org.uk>
In-reply-to: <[🔎] 20190123130554.GA23813@cventin.lip.ens-lyon.fr>
References: <[🔎] 20190123130554.GA23813@cventin.lip.ens-lyon.fr>

Vincent Lefevre writes ("Potentially insecure Perl scripts"):
> I've just reported
>   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920269
> against gropdf (also reported upstream to bug-groff), about the use of
> the insecure null filehandle "<>" in Perl, which can lead to arbitrary
> command execution, e.g. when using wildcards.
> 
> I've noticed that some other Perl scripts also use this filehandle and
> might be affected by the same issue.

OMFG.  This is worse than shellshock.

  $ perl -pe 's/^/got /' "whoami|"
  got iwj
  $

This is completely mad and IMO the bug is in perl, not in all of the
millions of perl scripts that used <> thinking it was a sensible thing
to write.

Ian.

-- 
Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Reply to:

Follow-Ups:
- Re: Potentially insecure Perl scripts
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Potentially insecure Perl scripts
  - From: Vincent Lefevre <vincent@vinc17.net>

References:
- Potentially insecure Perl scripts
  - From: Vincent Lefevre <vincent@vinc17.net>

Prev by Date: Potentially insecure Perl scripts
Next by Date: Re: Potentially insecure Perl scripts
Previous by thread: Potentially insecure Perl scripts
Next by thread: Re: Potentially insecure Perl scripts
Index(es):
- Date
- Thread