PerlMonks  

Re^2: Vulnerabilities when editing untrusted code... (Komodo)

by LanX (Canon)
on Jul 01, 2010 at 11:05 UTC (node #847492)


in reply to Re: Vulnerabilities when editing untrusted code... (Komodo)
in thread Vulnerabilities when editing untrusted code... (Komodo)

Really???

lanx@nc10-ubuntu:~$ cat >/tmp/tst.pl
exit;
''=~('(?{B'.'EGIN{print "owned\n"}})')
lanx@nc10-ubuntu:~$ perl /tmp/tst.pl
owned
lanx@nc10-ubuntu:~$ perl -c /tmp/tst.pl
/tmp/tst.pl syntax OK

A syntax check doesn't execute your code!

UPDATE:

corrected test:

lanx@nc10-ubuntu:/tmp$ cat >tst.pl
exit;
''=~('(?{B'.'EGIN{print "owned"}})')
lanx@nc10-ubuntu:/tmp$ cat tst.pl
exit;
''=~('(?{B'.'EGIN{print "owned"}})')
lanx@nc10-ubuntu:/tmp$ perl -c tst.pl
tst.pl syntax OK
ownedlanx@nc10-ubuntu:/tmp$

WOW! 8(

Cheers Rolf


Re^3: Vulnerabilities when editing untrusted code... (Komodo)
by Fox (Pilgrim) on Jul 01, 2010 at 11:59 UTC
    well, it actually executes for me:
    $ perl -c tst.pl
    owned
    tst.pl syntax OK
    $ perl -MO=Deparse tst.pl
    owned
    exit;
    '' =~ /(?{BEGIN{print "owned\n"}})/;
    tst.pl syntax OK
    $ perl --version

    This is perl, v5.10.0 built for x86_64-linux-gnu-thread-multi

    Copyright 1987-2007, Larry Wall

    Perl may be copied only under the terms of either the Artistic License or the
    GNU General Public License, which may be found in the Perl 5 source kit.

    Complete documentation for Perl, including FAQ lists, should be found on
    this system using "man perl" or "perldoc perl".  If you have access to
    the Internet, point your browser at http://www.perl.org/, the Perl Home Page.
    $
      Thanks!

      My fault, apparently I overlooked the "owned" text before the prompt.

      That's REALLY strange... 8(

      Cheers Rolf
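The exchange above, generalised as an added example that is not part of the thread: the thread shows one construct that runs during `perl -c`, a `BEGIN` inside a `(?{ })` code block whose pattern is assembled from two string constants. The probe harness below (my code, not LanX's or Fox's) writes several small constructed scripts to a temporary directory, runs each once with `perl -c` and once normally, and reports whether the payload executed. The payload only creates a marker file, so the report answers the thread's question for each construct on whatever perl you run it with. `PROBE_MARKER` is an environment variable name chosen for this example.

```perl
#!/usr/bin/perl
# Added example (not from the PerlMonks thread): which constructs execute code
# when a script is merely "syntax checked" with perl -c, compared with a normal
# run. Each probe is a constructed script whose payload, if it runs, creates the
# marker file named by $ENV{PROBE_MARKER} (a name chosen for this example).
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

my $dir    = tempdir(CLEANUP => 1);
my $script = File::Spec->catfile($dir, 'probe.pl');
my $marker = File::Spec->catfile($dir, 'marker');

# Every payload does the same thing: touch the marker file.
my $touch = 'open my $fh, ">", $ENV{PROBE_MARKER} or die $!; close $fh';

my @probes = (
    # An ordinary statement: should run only when the script is executed.
    [ 'plain statement at runtime'          => "$touch;" ],
    # BEGIN runs while the source is still being compiled, so -c is enough.
    [ 'BEGIN block'                         => "BEGIN { $touch }" ],
    # A use statement is an implicit BEGIN; use constant evaluates its argument.
    [ 'use constant (implicit BEGIN)'       => "use constant MARK => do { $touch; 1 };" ],
    # The thread's vector: a (?{ }) code block containing a BEGIN, inside a pattern
    # built from two string constants. The concatenation is folded at compile time,
    # so the pattern (and its code block) is compiled then, and the BEGIN fires.
    # Splitting the word BEGIN across the two constants also defeats a naive grep.
    [ '(?{ BEGIN }) in constant-folded pattern' =>
        q{'' =~ ('(?{B' . 'EGIN { open my $fh, ">", $ENV{PROBE_MARKER} or die $!; close $fh }})');} ],
);

# Write the probe, run the perl we are running under ($^X) with the given switch
# ('-c' or '' for a normal run), and report whether the marker file appeared.
# Child output ("syntax OK", errors) is captured; its first line is shown only
# when the child exits non-zero, e.g. if a perl version rejects a construct.
sub payload_ran {
    my ($switch, $body) = @_;
    unlink $marker;
    open my $out, '>', $script or die "$script: $!";
    print {$out} "$body\n";
    close $out or die "$script: $!";
    local $ENV{PROBE_MARKER} = $marker;
    my $cmd = join ' ', map { qq{"$_"} } $^X, ($switch ? $switch : ()), $script;
    my $log = qx{$cmd 2>&1};
    if ($? != 0) {
        my $first = (split /\n/, $log)[0] // '';
        printf "    [%s exited %d: %s]\n", ($switch || 'run'), $? >> 8, $first;
    }
    return -e $marker ? 1 : 0;
}

printf "%-44s %-10s %s\n", 'probe', 'perl -c', 'perl';
for my $probe (@probes) {
    my ($name, $body) = @$probe;
    my $checked = payload_ran('-c', $body) ? 'EXECUTED' : 'no';
    my $run     = payload_ran('',   $body) ? 'EXECUTED' : 'no';
    printf "%-44s %-10s %s\n", $name, $checked, $run;
}
```

Run it as `perl probe.pl`. The first probe is the control: it should execute in the normal run only. The other three are what an editor that "syntax checks" on save or on open is really doing with the file, because `use`, `BEGIN` and a compile-time compiled pattern all execute while perl is parsing, exactly as Fox's `perl -c` and `perl -MO=Deparse` output shows. The last probe reproduces the thread's trick; if a particular perl refuses to compile the code block in a folded constant, the harness prints the compiler's first error line instead of silently reporting "no".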
