Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Re^2: Vulnerabilities when editing untrusted code... (Komodo)

by LanX (Bishop)
on Jul 01, 2010 at 11:05 UTC ( #847492=note: print w/replies, xml ) Need Help??

in reply to Re: Vulnerabilities when editing untrusted code... (Komodo)
in thread Vulnerabilities when editing untrusted code... (Komodo)


lanx@nc10-ubuntu:~$ cat >/tmp/ exit; ''=~('(?{B'.'EGIN{print "owned\n"}})') lanx@nc10-ubuntu:~$ perl /tmp/ owned lanx@nc10-ubuntu:~$ perl -c /tmp/ /tmp/ syntax OK

A syntax check doesn't execute your code!


corrected test:

lanx@nc10-ubuntu:/tmp$ cat > exit; ''=~('(?{B'.'EGIN{print "owned"}})') lanx@nc10-ubuntu:/tmp$ cat exit; ''=~('(?{B'.'EGIN{print "owned"}})') lanx@nc10-ubuntu:/tmp$ perl -c syntax OK ownedlanx@nc10-ubuntu:/tmp$

WOW! 8(

Cheers Rolf

Replies are listed 'Best First'.
Re^3: Vulnerabilities when editing untrusted code... (Komodo)
by Fox (Pilgrim) on Jul 01, 2010 at 11:59 UTC
    well, it actually executes for me:
    $ perl -c owned syntax OK $ perl -MO=Deparse owned exit; '' =~ /(?{BEGIN{print "owned\n"}})/; syntax OK $ perl --version This is perl, v5.10.0 built for x86_64-linux-gnu-thread-multi Copyright 1987-2007, Larry Wall Perl may be copied only under the terms of either the Artistic License + or the GNU General Public License, which may be found in the Perl 5 source ki +t. Complete documentation for Perl, including FAQ lists, should be found +on this system using "man perl" or "perldoc perl". If you have access to + the Internet, point your browser at, the Perl Home Pa +ge. $

      my fault, apparently I oversaw the "owend" text before the prompt.

      Thats REALLY strange... 8(

      Cheers Rolf

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://847492]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (6)
As of 2018-04-19 16:14 GMT
Find Nodes?
    Voting Booth?