Re: Trojan Horse? (taint mode)

by BrentDax (Hermit)

on Nov 26, 2001 at 11:46 UTC ( [id://127501]=note: print w/replies, xml )

Need Help??

There are some pretty dangerous possibilities:

$a=" (?{system('rm -rf *')})";
$b=~/foo($a)bar/;
[download]

That will ruin your whole day.

=cut
--Brent Dax
There is no sig.

Comment on Re: Trojan Horse? (taint mode) Download Code

Replies are listed 'Best First'.
Re: Re: Trojan Horse? (taint mode) by blakem (Monsignor) on Nov 26, 2001 at 13:18 UTC
For this to ruin your day, you would have to explicitly permit the execution of code within interpolated variables with `use re 'eval';` So, like the example in the book, it looks scary on the surface, but isn't that bad in practice. -Blake	[reply] [d/l]
Re: Re: Re: Trojan Horse? (taint mode) by chip (Curate) on Nov 27, 2001 at 01:58 UTC
Boy am I glad I pushed for `use re 'eval'`. It's at times like this when paranoia pays off... -- Chip Salzenberg, Free-Floating Agent of Chaos	[reply] [d/l]

Domain Nodelet^?

Node Status^?

node history
Node Type: note [id://127501]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others perusing the Monastery: (3)

As of 2024-04-25 09:43 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

No recent polls found