in reply to Re^3: Bug in perl command line processing?in thread Bug in perl command line processing?
Yes, but to me that is THE bug.
BTW: It doesn't seem to propagate into full-fledged scripts like this:
#!/usr/bin/perl -i'foo e eval "warn q[bar]" '
From what I can tell, -i has to actually appear on the command-line, which hopefully self-limits its significance as a tool for exploit.
From what I can tell, -i has to actually appear on the command-line
$ cat uhoh
#!/usr/bin/perl -i.bak e die(666)
$ perl uhoh
Can't emulate -e on #! line at uhoh line 1.
which hopefully self-limits its significance as a tool for exploit.
Hmm, the only exploit situation i an envision is someone naively automating perl, for example from perl
system $^X, "-i$bak", ...
which doesn't seem unreasonable.
I suppose given that -e commandline documents
$ perl -e warn(1); -e die(2);
1 at -e line 1.
2 at -e line 2.
folks might be scared away from automating perl this way, but then again whitespace in paths is not unheard of
Results (311 votes). Check out past polls.