[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index][Top&Search][Original]

Re: [ID 19991230.004] Phrack finds a major perl bug

From: Chip Salzenberg <chip@valinux.com>
To: Matthias Urlichs <smurf@noris.de>
Cc: Russ Allbery <rra@stanford.edu>, ap296@torfree.net, perl5-porters@perl.org
Date: Mon, 3 Jan 2000 15:05:23 -0800
Message-ID: <20000103150523.C31075@perlsupport.com>

According to Matthias Urlichs:
> Chip Salzenberg:
> > Hm.  I wonder if we should address this by forbidding NUL bytes in
> > sysopen() filenames.
> 
> I'm all for it. It _should_ have been caught using the taint checks which
> already exist, though...

Ah, yes, quite so.  I knew there was something I was missing!
So that should be our primary reply to the reporter of the "bug".
-- 
Chip Salzenberg          - a.k.a. -           <chip@valinux.com>
        "He's Mr. Big of 'Big And Tall' fame."  // MST3K

References to:: ap296@torfree.net
Russ Allbery <rra@stanford.edu>
Chip Salzenberg <chip@valinux.com>
"Matthias Urlichs" <smurf@noris.de>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index][Top&Search][Original]