Beefy Boxes and Bandwidth Generously Provided by pair Networks DiBona
Just another Perl shrine
 
PerlMonks  

Perl 5.16 binary filename security problem?

by zentara (Archbishop)
on Jul 16, 2012 at 10:57 UTC ( #982005=perlquestion: print w/ replies, xml ) Need Help??
zentara has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I saw this in the Perl Weekly Newsletter this morning.... Cygwin author claims security problems in Perl 5.16

He said:

"I've got practical and conceptual problems with perl 5.16, so 5.14 it will be stable for the time being, at least until 5.16.1 will come out. But it looks like only 5.18 will have inherent security problems with binary names in 5.16 fixed. I consider using 5.16 too risky. (not only on windows)."

Can anyone explain what this is about?


I'm not really a human, but I play one on earth.
Old Perl Programmer Haiku ................... flash japh

Comment on Perl 5.16 binary filename security problem?
Re: Perl 5.16 binary filename security problem?
by BrowserUk (Pope) on Jul 16, 2012 at 11:10 UTC
    Can anyone explain what this is about?

    This perhaps?


    With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.

    The start of some sanity?

      The relevant discussions are on a private security list.

        I must say, I don't think keeping the exploits secret, when the software is not going to be changes changed to address them, is a good idea. Apparently the appropriate line of defense (I agree with what Chip Salzenberg said at the end of the thread) is with the dev anyway. I R DEV. THIS THREAD IS IN MY INTREST.

        And how many $s does it take to corrupt a perl dev on that list and get a zero day?
Re: Perl 5.16 binary filename security problem?
by chip (Curate) on Aug 14, 2012 at 21:13 UTC
    What is it about? It's about Reini either imagining a nonexistent problem (very likely) or being unable to adequately explain a problem he's found to the satisfaction of all experts (very unlikely).

        -- Chip Salzenberg, Free-Floating Agent of Chaos

      What is it about? It's about Reini either imagining a nonexistent problem (very likely) or being unable to adequately explain a problem he's found to the satisfaction of all experts (very unlikely).

      Its also about chip being coy

        "Coy?" Please explain. I am confused. (edited to remove reference to accidental anonymity, which did not apply)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://982005]
Approved by Old_Gray_Bear
Front-paged by Arunbear
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (3)
As of 2014-04-24 00:09 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (557 votes), past polls