Re^2: Vulnerabilities when editing untrusted code... (Komodo)

in reply to Re: Vulnerabilities when editing untrusted code... (Komodo)
in thread Vulnerabilities when editing untrusted code... (Komodo)

~~Really???~~

lanx@nc10-ubuntu:~$ cat >/tmp/tst.pl
exit; ''=~('(?{B'.'EGIN{print "owned\n"}})')
lanx@nc10-ubuntu:~$ perl /tmp/tst.pl
owned
lanx@nc10-ubuntu:~$ perl -c /tmp/tst.pl
/tmp/tst.pl syntax OK
[download]

~~A syntax check doesn't execute your code!~~

UPDATE:

corrected test:

lanx@nc10-ubuntu:/tmp$ cat >tst.pl
exit; ''=~('(?{B'.'EGIN{print "owned"}})')
lanx@nc10-ubuntu:/tmp$ cat tst.pl
exit; ''=~('(?{B'.'EGIN{print "owned"}})')
lanx@nc10-ubuntu:/tmp$ perl -c tst.pl
tst.pl syntax OK
ownedlanx@nc10-ubuntu:/tmp$
[download]

WOW! 8(

Cheers Rolf

Comment on Re^2: Vulnerabilities when editing untrusted code... (Komodo) Select or Download Code

Replies are listed 'Best First'.
Re^3: Vulnerabilities when editing untrusted code... (Komodo) by Fox (Pilgrim) on Jul 01, 2010 at 11:59 UTC
well, it actually executes for me: $ perl -c tst.pl owned tst.pl syntax OK $ perl -MO=Deparse tst.pl owned exit; '' =~ /(?{BEGIN{print "owned\n"}})/; tst.pl syntax OK $ perl --version This is perl, v5.10.0 built for x86_64-linux-gnu-thread-multi Copyright 1987-2007, Larry Wall Perl may be copied only under the terms of either the Artistic License + or the GNU General Public License, which may be found in the Perl 5 source ki +t. Complete documentation for Perl, including FAQ lists, should be found +on this system using "man perl" or "perldoc perl". If you have access to + the Internet, point your browser at http://www.perl.org/, the Perl Home Pa +ge. $ [download]	[reply] [d/l]
Re^4: Vulnerabilities when editing untrusted code... (Komodo) by LanX (Saint) on Jul 01, 2010 at 12:21 UTC
Thanks! my fault, apparently I oversaw the "owend" text before the prompt. Thats REALLY strange... 8( Cheers Rolf	[reply]

In Section Meditations