Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister

Re^2: Bug in perl command line processing?

by demerphq (Chancellor)
on May 22, 2012 at 21:14 UTC ( #971878=note: print w/replies, xml ) Need Help??

in reply to Re: Bug in perl command line processing?
in thread Bug in perl command line processing?

The -e1 is unnecessary.

$ perl -MO=Deparse -i'foo e eval "warn q[bar]";' BEGIN { $^I = "foo"; } eval 'warn q[bar]'; -e syntax OK

I vote bug.


Replies are listed 'Best First'.
Re^3: Bug in perl command line processing?
by davido (Archbishop) on May 22, 2012 at 21:34 UTC

    The -e1 is unnecessary.

    That seems to be because perl sees the 'e' in 'foo e eval...' as an -e command line switch. Change it to something else besides 'e' and the behavior changes.

    It sort of feels like the same sort of exploit one should worry about when using the two-arg open unsafely, passing user data to a database without placeholders, or instantiating user data as variable names.


      Yes, but to me that is THE bug.



        BTW: It doesn't seem to propagate into full-fledged scripts like this:

        #!/usr/bin/perl -i'foo e eval "warn q[bar]" ' 1;

        From what I can tell, -i has to actually appear on the command-line, which hopefully self-limits its significance as a tool for exploit.


Re^3: Bug in perl command line processing?
by sauoq (Abbot) on May 22, 2012 at 21:42 UTC
    The -e1 is unnecessary.

    Yes, sorry. I should have explained my intent... I was showing that by adding the ';' to the OP's you could include -e1 without an error.

    "My two cents aren't worth a dime.";

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://971878]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (5)
As of 2016-10-27 09:56 GMT
Find Nodes?
    Voting Booth?
    How many different varieties (color, size, etc) of socks do you have in your sock drawer?

    Results (358 votes). Check out past polls.