Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Re^4: Bug in perl command line processing?

by demerphq (Chancellor)
on May 22, 2012 at 21:41 UTC ( #971887=note: print w/ replies, xml ) Need Help??


in reply to Re^3: Bug in perl command line processing?
in thread Bug in perl command line processing?

Yes, but to me that is THE bug.

---
$world=~s/war/peace/g


Comment on Re^4: Bug in perl command line processing?
Re^5: Bug in perl command line processing?
by davido (Archbishop) on May 22, 2012 at 21:50 UTC

    Absolutely.

    BTW: It doesn't seem to propagate into full-fledged scripts like this:

    #!/usr/bin/perl -i'foo e eval "warn q[bar]" ' 1;

    From what I can tell, -i has to actually appear on the command-line, which hopefully self-limits its significance as a tool for exploit.


    Dave

      From what I can tell, -i has to actually appear on the command-line

      Yup,

      $ cat uhoh #!/usr/bin/perl -i.bak e die(666) 1; $ perl uhoh Can't emulate -e on #! line at uhoh line 1.

      which hopefully self-limits its significance as a tool for exploit.

      Hmm, the only exploit situation i an envision is someone naively automating perl, for example from perl

      system $^X, "-i$bak", ...

      which doesn't seem unreasonable. I suppose given that -e commandline documents

      $ perl -e warn(1); -e die(2); 1 at -e line 1. 2 at -e line 2.

      folks might be scared away from automating perl this way, but then again whitespace in paths is not unheard of

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://971887]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (8)
As of 2014-09-02 08:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite cookbook is:










    Results (20 votes), past polls