Re^4: Bug in perl command line processing?

Replies are listed 'Best First'.
Re^5: Bug in perl command line processing? by davido (Cardinal) on May 22, 2012 at 21:50 UTC
Absolutely. BTW: It doesn't seem to propagate into full-fledged scripts like this: `#!/usr/bin/perl -i'foo e eval "warn q[bar]" ' 1;` [download] From what I can tell, `-i` has to actually appear on the command-line, which hopefully self-limits its significance as a tool for exploit. Dave	[reply] [d/l] [select]
Re^6: Bug in perl command line processing? by Anonymous Monk on May 22, 2012 at 22:58 UTC
From what I can tell, -i has to actually appear on the command-line Yup, `$ cat uhoh #!/usr/bin/perl -i.bak e die(666) 1; $ perl uhoh Can't emulate -e on #! line at uhoh line 1.` [download] which hopefully self-limits its significance as a tool for exploit. Hmm, the only exploit situation i an envision is someone naively automating perl, for example from perl `system $^X, "-i$bak", ...` [download] which doesn't seem unreasonable. I suppose given that -e commandline documents `$ perl -e warn(1); -e die(2); 1 at -e line 1. 2 at -e line 2.` [download] folks might be scared away from automating perl this way, but then again whitespace in paths is not unheard of	[reply] [d/l] [select]


Your skill will accomplish what the force of many cannot
	PerlMonks