Re^6: 'do' command is dead? Surely not?

Because something as seemingly safe as use strict can load strict.pm from the current working directory, which might be somewhere globally writable like "/tmp/".

There was apparently a real-world way of exploiting this to do nasty stuff, but the Perl development team haven't yet publicly disclosed what it is. I imagine it's an exploit in some commonly used Perl web app like cPanel or Webmin. They do plan on releasing the info eventually, once they've decided people have had enough time to move to newer Perl versions which don't have "." in @INC by default.

Comment on Re^6: 'do' command is dead? Surely not? Download Code

Replies are listed 'Best First'.
Re^7: 'do' command is dead? Surely not? by KurtZ (Friar) on May 19, 2017 at 15:53 UTC
I see, thanks. :)	[reply]
Re^7: 'do' command is dead? Surely not? by Anonymous Monk on May 19, 2017 at 17:58 UTC
That sounds false, cause . was last in @INC for a long time, so strict.pm from /tmp is not a situation that could have happened	[reply]
Re^8: 'do' command is dead? Surely not? by Corion (Patriarch) on May 19, 2017 at 18:33 UTC
Maybe not `strict.pm` but some other (optional) module that was not present in the original system could still be loaded from `/tmp`.	[reply] [d/l] [select]
Re^9: 'do' command is dead? Surely not? by Anonymous Monk on May 19, 2017 at 18:38 UTC
the program would have to be trying to load said module first ... its expecting it to exist	[reply]
Re^10: 'do' command is dead? Surely not? by Corion (Patriarch) on May 20, 2017 at 09:31 UTC
Re^11: 'do' command is dead? Surely not? by Anonymous Monk on May 25, 2017 at 00:12 UTC
Some notes below your chosen depth have not been shown here
Re^10: 'do' command is dead? Surely not? by dsheroh (Monsignor) on May 20, 2017 at 09:12 UTC