Re: Re^4: Dangerous diamonds! (races)by sauoq (Abbot)
|on May 22, 2003 at 08:12 UTC||Need Help??|
I never said "Perl is a poor tool". I suppose I could have been more precise and said something awkward
I realized what you intended to say after I responded to it. That's why I added the footnote. You stated it well enough; the confusion was mine. I'm sorry I didn't take the time to reword my response there.
I consider the feature of executing filenames to be a pathetic feature.
I do agree. I just don't think that the implications are all that serious in reality. From a theoretical standpoint, it's friggin' terrible. But once you take into account how systems are really used, the impact is minimal because it is so impractical to exploit.
I don't think such needs to induce panic.
I guess big nouns don't always make for eloquent speech either. Like I said, I do advocate education. I'd prefer a "using perl -ne as root has some security implications you should be aware of" to an absolutist "don't do it" approach though.
2-argument open just doesn't bother me near as much.
Really? Now see, that one bothers me a lot more. And for a very simple reason: it has resulted in many more actual serious security vulnerabilities. In theory, it might be less egregious but in practice it has been improperly used by scads of casual programmers who have unwittingly written innumerable remote exploits. And they continue to do so. That's a problem that won't go away until two-argument open does (or is fixed.)
-sauoq "My two cents aren't worth a dime.";