PerlMonks  
I never said "Perl is a poor tool". I suppose I could have been more precise and said something awkward

I realized what you intended to say after I responded to it. That's why I added the footnote. You stated it well enough; the confusion was mine. I'm sorry I didn't take the time to reword my response there.

I consider the feature of executing filenames to be a pathetic feature.

I do agree. I just don't think that the implications are all that serious in reality. From a theoretical standpoint, it's friggin' terrible. But once you take into account how systems are really used, the impact is minimal because it is so impractical to exploit.

I don't think such needs to induce panic.

I guess big nouns don't always make for eloquent speech either. Like I said, I do advocate education. I'd prefer a "using perl -ne as root has some security implications you should be aware of" to an absolutist "don't do it" approach though.

2-argument open just doesn't bother me near as much.

Really? Now see, that one bothers me a lot more. And for a very simple reason: it has resulted in many more actual serious security vulnerabilities. In theory, it might be less egregious but in practice it has been improperly used by scads of casual programmers who have unwittingly written innumerable remote exploits. And they continue to do so. That's a problem that won't go away until two-argument open does (or is fixed.)

-sauoq
"My two cents aren't worth a dime.";

In reply to Re: Re^4: Dangerous diamonds! (races) by sauoq
in thread Dangerous diamonds! by Juerd
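
The two-argument open behaviour discussed in the post above, shown as an added example that is not code from the thread: a check for file names that two-argument open (and therefore `<>` and `perl -n`) would not treat as plain files, next to a three-argument open that reads the same names literally. The helper names `magic_in_name` and `read_literal` are hypothetical, the file names are constructed, and a Unix-like filesystem is assumed.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. File names below are constructed.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Why two-argument open (and so <> / perl -n) would not treat $name as a
# plain file to read; returns undef when the name has no special meaning.
sub magic_in_name {
    my ($name) = @_;
    return 'edge whitespace is stripped'  if $name =~ /\A\s|\s\z/;
    return '"-" means STDIN'              if $name eq '-';
    return 'pipe: name is run as command' if $name =~ /\A\||\|\z/;
    return 'leading mode character'       if $name =~ /\A\+?[<>]/;
    return;
}

# Three-argument open: the mode is a separate argument, so $path is only
# ever used as a file name, whatever characters it contains.
sub read_literal {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot open '$path': $!";
    local $/;                         # slurp the whole file
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Create the constructed files in a scratch directory (removed on exit).
my $dir = tempdir(CLEANUP => 1);
for my $name ('notes.txt', ' padded.txt', '>report.txt', 'date |') {
    open(my $out, '>', "$dir/$name") or die "cannot create '$name': $!";
    print {$out} "contents of [$name]\n";
    close $out;
}

# Report what two-argument open would do with each name, then read the
# file safely with the three-argument form.
opendir(my $dh, $dir) or die "opendir: $!";
for my $name (sort grep { !/\A\.\.?\z/ } readdir $dh) {
    my $why = magic_in_name($name) // 'none';
    printf "%-14s magic: %-30s read: %s", "[$name]", $why,
        read_literal("$dir/$name");
}
closedir $dh;
```

Perl 5.22 and later also provide `<<>>`, which opens each `@ARGV` entry with the three-argument form.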
