Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Re^2: Vulnerabilities when editing untrusted code... (Komodo)

by LanX (Canon)
on Jul 01, 2010 at 11:05 UTC ( #847492=note: print w/ replies, xml ) Need Help??


in reply to Re: Vulnerabilities when editing untrusted code... (Komodo)
in thread Vulnerabilities when editing untrusted code... (Komodo)

Really???

lanx@nc10-ubuntu:~$ cat >/tmp/tst.pl exit; ''=~('(?{B'.'EGIN{print "owned\n"}})') lanx@nc10-ubuntu:~$ perl /tmp/tst.pl owned lanx@nc10-ubuntu:~$ perl -c /tmp/tst.pl /tmp/tst.pl syntax OK

A syntax check doesn't execute your code!

UPDATE:

corrected test:

lanx@nc10-ubuntu:/tmp$ cat >tst.pl exit; ''=~('(?{B'.'EGIN{print "owned"}})') lanx@nc10-ubuntu:/tmp$ cat tst.pl exit; ''=~('(?{B'.'EGIN{print "owned"}})') lanx@nc10-ubuntu:/tmp$ perl -c tst.pl tst.pl syntax OK ownedlanx@nc10-ubuntu:/tmp$

WOW! 8(

Cheers Rolf


Comment on Re^2: Vulnerabilities when editing untrusted code... (Komodo)
Select or Download Code
Re^3: Vulnerabilities when editing untrusted code... (Komodo)
by Fox (Pilgrim) on Jul 01, 2010 at 11:59 UTC
    well, it actually executes for me:
    $ perl -c tst.pl owned tst.pl syntax OK $ perl -MO=Deparse tst.pl owned exit; '' =~ /(?{BEGIN{print "owned\n"}})/; tst.pl syntax OK $ perl --version This is perl, v5.10.0 built for x86_64-linux-gnu-thread-multi Copyright 1987-2007, Larry Wall Perl may be copied only under the terms of either the Artistic License + or the GNU General Public License, which may be found in the Perl 5 source ki +t. Complete documentation for Perl, including FAQ lists, should be found +on this system using "man perl" or "perldoc perl". If you have access to + the Internet, point your browser at http://www.perl.org/, the Perl Home Pa +ge. $
      Thanks!

      my fault, apparently I oversaw the "owend" text before the prompt.

      Thats REALLY strange... 8(

      Cheers Rolf

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://847492]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (6)
As of 2014-10-22 23:58 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (122 votes), past polls