Re^5: Bug in perl command line processing?

by davido (Cardinal)

on May 22, 2012 at 21:50 UTC ( [id://971892]=note: print w/replies, xml )

Need Help??

Absolutely.

BTW: It doesn't seem to propagate into full-fledged scripts like this:

#!/usr/bin/perl -i'foo e eval "warn q[bar]" '
1;
[download]

From what I can tell, -i has to actually appear on the command-line, which hopefully self-limits its significance as a tool for exploit.

Dave

Comment on Re^5: Bug in perl command line processing? Select or Download Code

Replies are listed 'Best First'.

From what I can tell, -i has to actually appear on the command-line

Yup,

$ cat uhoh
#!/usr/bin/perl -i.bak e die(666)
1;

$ perl uhoh
Can't emulate -e on #! line at uhoh line 1.
[download]

which hopefully self-limits its significance as a tool for exploit.

Hmm, the only exploit situation i an envision is someone naively automating perl, for example from perl

system $^X, "-i$bak", ...
[download]

which doesn't seem unreasonable. I suppose given that -e commandline documents

$ perl  -e warn(1); -e die(2);
1 at -e line 1.
2 at -e line 2.
[download]

folks might be scared away from automating perl this way, but then again whitespace in paths is not unheard of

Domain Nodelet^?

Node Status^?

node history
Node Type: note [id://971892]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others exploiting the Monastery: (5)

As of 2024-04-25 13:07 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

No recent polls found