Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Re^5: Bug in perl command line processing?

by davido (Archbishop)
on May 22, 2012 at 21:50 UTC ( #971892=note: print w/ replies, xml ) Need Help??


in reply to Re^4: Bug in perl command line processing?
in thread Bug in perl command line processing?

Absolutely.

BTW: It doesn't seem to propagate into full-fledged scripts like this:

#!/usr/bin/perl -i'foo e eval "warn q[bar]" ' 1;

From what I can tell, -i has to actually appear on the command-line, which hopefully self-limits its significance as a tool for exploit.


Dave


Comment on Re^5: Bug in perl command line processing?
Select or Download Code
Replies are listed 'Best First'.
Re^6: Bug in perl command line processing?
by Anonymous Monk on May 22, 2012 at 22:58 UTC

    From what I can tell, -i has to actually appear on the command-line

    Yup,

    $ cat uhoh #!/usr/bin/perl -i.bak e die(666) 1; $ perl uhoh Can't emulate -e on #! line at uhoh line 1.

    which hopefully self-limits its significance as a tool for exploit.

    Hmm, the only exploit situation i an envision is someone naively automating perl, for example from perl

    system $^X, "-i$bak", ...

    which doesn't seem unreasonable. I suppose given that -e commandline documents

    $ perl -e warn(1); -e die(2); 1 at -e line 1. 2 at -e line 2.

    folks might be scared away from automating perl this way, but then again whitespace in paths is not unheard of

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://971892]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (13)
As of 2015-07-30 16:25 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (273 votes), past polls