PerlMonks  

Re: Vulnerabilities when editing untrusted code... (Komodo)

by mtve (Chaplain)
on Jul 01, 2010 at 09:50 UTC (#847484)


in reply to Vulnerabilities when editing untrusted code... (Komodo)

your approach wouldn't help:

exit; ''=~('(?{B'.'EGIN{print "owned"}})')

see also Acme::EyeDrops


Re^2: Vulnerabilities when editing untrusted code... (Komodo)
by LanX (Canon) on Jul 01, 2010 at 11:05 UTC
    Really???

    lanx@nc10-ubuntu:~$ cat >/tmp/tst.pl
    exit; ''=~('(?{B'.'EGIN{print "owned\n"}})')
    lanx@nc10-ubuntu:~$ perl /tmp/tst.pl
    owned
    lanx@nc10-ubuntu:~$ perl -c /tmp/tst.pl
    /tmp/tst.pl syntax OK

    A syntax check doesn't execute your code!

    UPDATE:

    corrected test:

    lanx@nc10-ubuntu:/tmp$ cat >tst.pl
    exit; ''=~('(?{B'.'EGIN{print "owned"}})')
    lanx@nc10-ubuntu:/tmp$ cat tst.pl
    exit; ''=~('(?{B'.'EGIN{print "owned"}})')
    lanx@nc10-ubuntu:/tmp$ perl -c tst.pl
    tst.pl syntax OK
    ownedlanx@nc10-ubuntu:/tmp$

    WOW! 8(

    Cheers Rolf

      well, it actually executes for me:
      $ perl -c tst.pl
      owned
      tst.pl syntax OK
      $ perl -MO=Deparse tst.pl
      owned
      exit;
      '' =~ /(?{BEGIN{print "owned\n"}})/;
      tst.pl syntax OK
      $ perl --version
      This is perl, v5.10.0 built for x86_64-linux-gnu-thread-multi
      Copyright 1987-2007, Larry Wall
      Perl may be copied only under the terms of either the Artistic License or the
      GNU General Public License, which may be found in the Perl 5 source kit.
      Complete documentation for Perl, including FAQ lists, should be found on
      this system using "man perl" or "perldoc perl". If you have access to the
      Internet, point your browser at http://www.perl.org/, the Perl Home Page.
      $
        Thanks!

        My fault, apparently I overlooked the "owned" text before the prompt.

        That's REALLY strange... 8(

        Cheers Rolf
