Re: Potentially insecure Perl scripts

To: debian-devel@lists.debian.org
Subject: Re: Potentially insecure Perl scripts
From: Vincent Lefevre <vincent@vinc17.net>
Date: Wed, 23 Jan 2019 16:44:07 +0100
Message-id: <[🔎] 20190123154407.GA15242@cventin.lip.ens-lyon.fr>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 23624.35056.535579.997708@chiark.greenend.org.uk>
References: <[🔎] 20190123130554.GA23813@cventin.lip.ens-lyon.fr> <[🔎] 23624.35056.535579.997708@chiark.greenend.org.uk>

On 2019-01-23 15:32:00 +0000, Ian Jackson wrote:
> This is completely mad and IMO the bug is in perl, not in all of the
> millions of perl scripts that used <> thinking it was a sensible thing
> to write.

I agree that it would be better to drop this "feature" of Perl.
It is probably never used, and probably useless (I would rather
use the features from the shell if I need a pipe).

If this is modified, "-" must still be supported as being
regarded as stdin (this one is normally safe, and at least
developers should already be aware of it).

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

Follow-Ups:
- Re: Potentially insecure Perl scripts
  - From: Colin Watson <cjwatson@debian.org>
- Re: Potentially insecure Perl scripts
  - From: Alex Mestiashvili <amestia@rsh2.donotuse.de>

References:
- Potentially insecure Perl scripts
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Potentially insecure Perl scripts
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

Prev by Date: Re: Potentially insecure Perl scripts
Next by Date: Re: Potentially insecure Perl scripts
Previous by thread: Re: Potentially insecure Perl scripts
Next by thread: Re: Potentially insecure Perl scripts
Index(es):
- Date
- Thread