Re^2: UTF8 related proof of concept exploit released at T-DOSEby Juerd (Abbot)
|on Oct 16, 2007 at 01:05 UTC||Need Help??|
Because this is probably a side effect of somethingI'm not sure what you mean.
I mean that I find it surprising that enabling warnings suddenly makes the program die. It should warn, not die. Or, alternatively, it should die even without "use warnings".
"use warnings" without FATAL argument should not introduce fatal errors to the language. I suspect that the fatal exception is a side effect, not the intended behaviour.
The solution is very simple: do not use :utf8, but use :encoding(UTF8) (or for strict Unicode compliant UTF-8, use :encoding(UTF-8) (same, but with a hyphen)), as should have been done in the first place.Thats really crappy. Its huffman coded all wrong. IMO this should be raised on perl5porters with some thought to changing it for the better.
I agree that the huffman coding here is entirely wrong. Everything surrounding identifiers for the UTF8 flag, including its own names "svUTF8" and "the UTF8 flag" is very unfortunate. The very short name for the :utf8 PerlIO layer is downright dangerous, if :encoding(utf8) is the correct style.
However, I insist that :utf8 must not be made an abbreviation for :encoding(UTF-8), because that would encourage people to use :utf8, which in 5.8.0 thru 5.8.8 is a security risk, and these versions will stay around for a long time.
One solution that comes to mind is:
1 and 2 are, IMO, a good solution for a real problem. I'm not so sure 3 and 4 would be good: they'd make programs and modules depend on a new version of Perl only for syntactic sugar.