I was playing around with perl -s
today, trying to come up with an obfu, and i realized that it allows you to modify read only variables
Now I am hoping that perl scopes the vars off of the command line differently, localizes them somehow, but it still makes for some SURPRISING RESULTS. As an example, the below code, (perl 5.6.1 i386 Linux) when run with no command line options, prints "got password = hello", but when run with the command line switch "-1=foo", it prints "got password=foo"!!!! Doesn't this seem dangerous? Is this acceptable behavior? I would love some input on this:
#! /usr/bin/perl -ws
my $test = "hello";
$test =~ m/(.*)/;
print "got password = $1\n\n";
Thanks a lot,
"LISP programmers know the value of everything, and the cost of nothing"
I also just tested that i can remove the -s from the script, then just run it with "perl -s scrip.pl -1=foo" and the hackish behavior still works, so this seems to be a vulnerability whether you use -s or not?
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
Outside of code tags, you may need to use entities for some characters:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.
| & || & |
| < || < |
| > || > |
| [ || [ |
| ] || ] ||