Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??

I'm a little suprised people are still being suprised by the magic of the open call.

I'm not surprised by the open call. I'm surprised that Perl uses this way to open files with magic ARGV. Three argument open would have been a lot safer.

I'm very sure I'm not the only one who forgot that magic ARGV uses normal two-arg open internally. The number of exploitable scripts made by my customers and myself proves that most people are unaware of the security problems or chose to simply ignore them. I found 15 so far.

If you're worried, turn on taint.

Thanks. Even though I hate Perl's tainting mechanism, I'll use it here. It still cannot really fix the problem, since scripts will now die if they encounter an invalid file.

BTW, who runs oneliners as root? (i'd consider that a bug)

Everyone who needs a script to run as root runs scripts as root.

Users can't do everything root can, and sometimes you need to be root to do what you want to do.
Not everything can be done by a user, some things need to be done by root.

And some of those things are made by me, and those things made by me are written in Perl.
Perl is a powerful language that lets me do those things in simple one-liners, so I do do that with simple one-liners.

The one-liners run as root because they need to do things that only root can do.
The one-liners couldn't do what they need to do if they were not run as root.
And THAT would be a bug.

Juerd # { site => '', plp_site => '', do_not_use => 'spamtrap' }

In reply to Re: Re: Dangerous diamonds! by Juerd
in thread Dangerous diamonds! by Juerd

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others examining the Monastery: (5)
    As of 2020-01-21 05:03 GMT
    Find Nodes?
      Voting Booth?