Re: Bug in perl command line processing?
by sauoq (Abbot) on May 22, 2012 at 20:43 UTC
$ perl -MO=Deparse -i'foo e eval "warn q[bar]";' -e1
BEGIN { $^I = "foo"; }
eval 'warn q[bar]';
'???';
-e syntax OK
-sauoq
"My two cents aren't worth a dime.";
$ perl -MO=Deparse -i'foo e eval "warn q[bar]";'
BEGIN { $^I = "foo"; }
eval 'warn q[bar]';
-e syntax OK
I vote bug.
---
$world=~s/war/peace/g
The -e1 is unnecessary.
That seems to be because perl sees the 'e' in 'foo e eval...' as an -e command line switch. Change it to something else besides 'e' and the behavior changes.
It sort of feels like the same sort of exploit one should worry about when using the two-arg open unsafely, passing user data to a database without placeholders, or instantiating user data as variable names.
Right, that is obviously what it is doing, but is it safe for Perl, and not the shell, to break apart an argument on spaces? This seems dangerous. You now need to sanitize your backup-character-extensions for space characters because perl may otherwise execute it as code?
I think you found a real bug. And, sure, there are security implications. Theoretically, anyway. There are probably not that many places where this poses a real security threat. There's more potential for it to cause things to break and leave people scratching their heads though.
-sauoq
"My two cents aren't worth a dime.";
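
An added example, not code from the thread: a POSIX shell wrapper for callers that take the backup extension from untrusted input. It rejects whitespace (the trigger discussed above) and hands the extension to perl through an environment variable and `$^I` instead of the `-i` switch. The function names, the `BAK_EXT` variable and the allowlist are assumptions made for this example.

```shell
#!/bin/sh
# Added example: keep an untrusted backup extension out of perl's switch parser.

# Return 0 only for a non-empty extension made of letters, digits, '.', '_', '~'.
# This is a deliberately conservative allowlist (an assumption of this example):
# it rejects whitespace, quotes, ';' and also the '*' template form of -i.
valid_backup_ext() {
    case $1 in
        '')                 return 1 ;;  # empty: no backup copy would be kept
        *[!A-Za-z0-9._~]*)  return 1 ;;  # any character outside the allowlist
    esac
    return 0
}

# Usage: inplace_edit EXT PERL_EXPR FILE...
# The extension reaches perl as data in $ENV{BAK_EXT} and is assigned to $^I
# in a BEGIN block, so it is never concatenated into a command-line switch.
inplace_edit() {
    ext=$1
    expr=$2
    shift 2
    valid_backup_ext "$ext" || {
        echo "rejected backup extension: [$ext]" >&2
        return 2
    }
    BAK_EXT=$ext perl -p -e 'BEGIN { $^I = $ENV{BAK_EXT} }' -e "$expr" -- "$@"
}

# Constructed sample values; the second and third have the shape shown in the
# thread (a space followed by more text inside the same argument).
for s in '.bak' '.bak h' 'foo e eval "warn q[bar]";' ''; do
    if valid_backup_ext "$s"; then
        echo "accept: [$s]"
    else
        echo "reject: [$s]"
    fi
done
```
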
Re: Bug in perl command line processing?
by Anonymous Monk on May 23, 2012 at 01:20 UTC
Re: Bug in perl command line processing?
by Anonymous Monk on May 22, 2012 at 22:10 UTC
Looks like this has always been the case, with win32 perl-5.6.1
C:\> perl -MData::Dump -e " dd\@ARGV " perl -i".bak h "
["perl", "-i.bak h "]
C:\> perl -i".bak h "
Usage: *snip*
You might expect this to turn up some bug reports but it doesn't, see https://rt.perl.org/rt3/Public/Search/Simple.html?q=whitespace+-i
Re: Bug in perl command line processing?
by Anonymous Monk on May 22, 2012 at 20:36 UTC
This completely misses the point.
No it doesn't, the point of a "SEE ALSO" section is to "SEE ALSO".
The OP doesn't even specify what shell he is dealing with, and this is shell quoting territory.